[Pkg-freeipa-devel] [Git][freeipa-team/dogtag-pki][upstream] 994 commits: Replace XMLObject with JSONObject in CheckIdentity
Timo Aaltonen (@tjaalton)
gitlab at salsa.debian.org
Mon Feb 20 12:53:51 GMT 2023
Timo Aaltonen pushed to branch upstream at FreeIPA packaging / dogtag-pki
Commits:
3be61444 by Chris Kelley at 2021-10-01T12:03:08+01:00
Replace XMLObject with JSONObject in CheckIdentity
- - - - -
f986f52e by Chris Kelley at 2021-10-04T16:05:02+01:00
Replace XMLObject with JSONObject in ImportTransportCert
Also fix modifier ordering to match the JLS
- - - - -
98f4f8e6 by Endi S. Dewata at 2021-10-05T10:23:24-05:00
Update version number to 11.1.0-alpha1
- - - - -
b2311dfc by Chris Kelley at 2021-10-06T14:42:20+01:00
Simplify logic in Request
* Don't return boolean literals
* Use ternary operator
- - - - -
935a7f44 by Endi S. Dewata at 2021-10-06T12:24:30-05:00
Remove references to resteasy-base
- - - - -
87e31bb0 by Endi S. Dewata at 2021-10-06T17:09:48-05:00
Rename pki-base-java to pki-java
- - - - -
6bcf65e9 by Endi S. Dewata at 2021-10-06T17:09:48-05:00
Rename pki-server-theme to pki-theme
- - - - -
68f57d64 by Chris Kelley at 2021-10-07T17:00:19+01:00
Deprecate XMLObject and replace with JSONObject in UpdateNumberRange
Keep XMLObject in client-side code until next major release for upgrade
backwards compatibility.
- - - - -
dcfa904e by Endi S. Dewata at 2021-10-08T14:14:37-05:00
Add -D option for pkispawn
A new pkispawn option has been added to specify a deployment
parameter as command line parameter.
- - - - -
e4d891b4 by Endi S. Dewata at 2021-10-08T14:14:37-05:00
Modify CA tests to use DS container
Most of the CA tests have been modified to use a separate
DS container instead of creating a local DS instance.
The remaining CA tests that use secure DS connection
will be modified separately later.
- - - - -
213382bc by Endi S. Dewata at 2021-10-08T14:18:32-05:00
Remove references to PKI console and its theme in tests
- - - - -
cc6fc570 by Chris Kelley at 2021-10-11T14:53:06+01:00
Tidy up logic in KeyRecoveryAuthority
* Remove unnecessary else clauses
* Don't return Boolean literals
* Invert statements that use !=
* Replace comparison to "" with isEmpty() - the preceding code checks
for null explicitly so this is as safe as the existing code
* Remove comparisons to Boolean literals
- - - - -
8be10af0 by Chris Kelley at 2021-10-11T14:54:25+01:00
Remove unnecessary else clauses in AsymKeyGenService
- - - - -
6a84cbe9 by Chris Kelley at 2021-10-11T14:54:25+01:00
Remove commented out debug statements in AsymKeyGenService
- - - - -
257af180 by Christina Fu at 2021-10-11T10:31:52-07:00
Bug2012349-pkispawn-TKS-TPS-2step-install
The goal of this patch is to allow TKS/TPS to be installed using pkispawn
two-step installation. There will certainly be more work needed to allow
TMS to function properly in FIPS/(new)HSM. This patch will provide the
basic platform for the continued work.
There is also a possibility that some needed additional work could be worked
around manually.
fixes https://bugzilla.redhat.com/show_bug.cgi?id=2012349
- - - - -
5a02bded by Endi S. Dewata at 2021-10-11T16:05:17-05:00
Update pkispawn and pkidestroy logging
pkispawn and pkidestroy have been modified to only generate
the logs on the console. It can additionally store the logs
into a file using the --log-file option.
- - - - -
119b3d25 by Chris Kelley at 2021-10-13T15:58:41+01:00
Drop dependency on xerces-j2 & xalan-j2 to prepare for Java 17
I tested our code against the latest Java 17 as at some point Fedora
will start considering using Java 17 LTS version as the default.
Everything looks good except for some packages brought in by xerces-j2
that are also provided by the JRE. Newer versions of Java are increasing
the encapsulation of the JRE/stricter on name clashes with JRE
internals.
It transpires that the classes we need from xerces-j2 are the very ones
provided by the JRE, so we can simply drop xerces-j2 as a dependency.
As the classes are already present in the Java 11 JRE it is safe to drop
now, so I have done so.
As we only require xalan-j2 to satisfy dependencies of xerces-j2, we can
also drop this as a dependency.
- - - - -
850b6b47 by Endi S. Dewata at 2021-10-13T10:12:18-05:00
Update ds-container-create/remove.sh
The ds-container-create/remove.sh scripts have been
modified to take a container name argument.
- - - - -
4c10fdd8 by Chris Kelley at 2021-10-13T16:35:36+01:00
Replace XMLObject with JSONObject in RegisterUser
- - - - -
ff64d5ec by Endi S. Dewata at 2021-10-13T10:52:35-05:00
Rename PKIDIR to SHARED
- - - - -
c8aaef5b by Jon Parrish at 2021-10-13T17:40:04+01:00
Not a duplicate, one is supposed to be at the top
Revert "Remove duplicate buttons from Retrieval List Certificates page"
This reverts commit d1a02c8983da2e7417a429aa35319f51c16162b9.
- - - - -
57b7da15 by Jon Parrish at 2021-10-13T17:40:04+01:00
Close table so that top navigation is at the top
- - - - -
42dfdcc5 by Endi S. Dewata at 2021-10-13T13:10:27-05:00
Update ds-container-remove.sh
The ds-container-remove.sh has been modified to remove
the volume as well.
- - - - -
735e18ec by Endi S. Dewata at 2021-10-13T18:34:04-05:00
Fix missing CA test artifacts
The ds/pki-artifacts-save.sh scripts have been modified
to provide options to specify the instance name and the
output directory and to store the container logs.
- - - - -
4487a8d5 by Endi S. Dewata at 2021-10-14T09:15:25-05:00
Add ds-container-start/stop.sh
The ds-container-start/stop.sh scripts have been added
to start/stop DS container.
- - - - -
42955344 by Endi S. Dewata at 2021-10-14T09:15:25-05:00
Add ds-container-certs-import.sh
The ds-container-certs-import.sh has been added to import
certs into DS container.
The ds-container-create.sh has been modified to create the
folder for importing certs.
- - - - -
4f6c0630 by Endi S. Dewata at 2021-10-14T09:15:25-05:00
Update CA tests using secure DS connection
The CA tests using a secure connection to a local DS instance
have been modified to use a separate DS container instead.
- - - - -
264dc25b by Endi S. Dewata at 2021-10-14T12:18:34-05:00
Update KRA tests to use DS container
The KRA tests have been modified to use a separate DS
container.
- - - - -
3ee4941e by Endi S. Dewata at 2021-10-14T12:22:49-05:00
Remove obsolete scripts
- - - - -
109d1b16 by Endi S. Dewata at 2021-10-14T20:16:59-05:00
Fix ds-container-create.sh
The ds-container-create.sh has been modified to read the
ldapadd input properly and to validate the result.
- - - - -
8d0c5197 by Endi S. Dewata at 2021-10-14T20:17:52-05:00
Update ACME test dependencies
- - - - -
e995cfc2 by Endi S. Dewata at 2021-10-14T22:30:28-05:00
Fix typo in KRA test
- - - - -
87905e9a by Chris Kelley at 2021-10-15T12:52:31+01:00
Remove KRA CLI XML options
* Only allow JSON
* Provide JSON templates
- - - - -
c7e07f55 by Chris Kelley at 2021-10-15T13:06:50+01:00
Simplify logic in EnrollProfile
* Remove unnecessary else clauses
* Use ternary operator to improve readability
* Invert "if !=" to "if ==" to improve readability
* Remove unnecessary bracketing from boolean expressions
* Remove unnecessary boolean literals
- - - - -
2f280b0c by Endi S. Dewata at 2021-10-15T09:41:11-05:00
Update OCSP tests to use DS container
The OCSP tests have been modified to use a separate DS
container.
- - - - -
d47e4128 by Endi S. Dewata at 2021-10-15T09:42:42-05:00
Update TKS tests to use DS container
The TKS tests have been modified to use a separate DS
container.
- - - - -
c1f4690b by Endi S. Dewata at 2021-10-15T11:57:38-05:00
Update TPS tests to use DS container
The TPS tests have been modified to use a separate DS
container.
- - - - -
14220f05 by Endi S. Dewata at 2021-10-15T12:43:55-05:00
Update ACME tests to use DS container
The ACME tests have been modified to use a separate DS
container.
- - - - -
901ba9ca by Chris Kelley at 2021-10-18T10:53:36+01:00
Simplify logic in EnrollDefault
* Remove an empty if clause and check for null instead
* Remove unnecessary Boolean literals
* Don't unnecessarily box primitives to extract their value
* Remove unnecessary else clauses
* Remove unnecessary bracketing
- - - - -
98745edc by Chris Kelley at 2021-10-18T17:26:58+01:00
Remove unused method parameter from ProfileCLI.printProfile()
* Also tidy up getFullName() by using ternary operator
- - - - -
9a15f0bd by Chris Kelley at 2021-10-19T15:13:59+01:00
Tidy up logic in CMSAdminServlet
* Remove unnecessary else clauses
* Use if-elseif-else rather than nested if-else
* Invert "if !=" statements
* Use ternary operator where appropriate
- - - - -
292ec603 by Endi S. Dewata at 2021-10-19T17:06:17-05:00
Update ACME tests
The ACME tests have been updated to show the cert info to
help troubleshooting.
- - - - -
aef3e072 by Chris Kelley at 2021-10-20T14:45:07+01:00
Tidy up logic in TPSProcessor
* Invert "if !="
* Remove unnecessary else clauses
* Use ternary operator where appropriate
* Remove unnecessary Boolean literals
- - - - -
b21303ff by Chris Kelley at 2021-10-20T14:49:16+01:00
Provide user friendly error message when trying to parse invalid JSON
Original JsonParseException is logged, and a new PKIException is thrown
with a user-friendly message.
- - - - -
b3afc3ec by Endi S. Dewata at 2021-10-20T12:50:28-05:00
Refactor ACMEEngine.parseCSRExtensions()
The ACMEEngine.parseCSRExtensions() has been converted into
CertUtil.getSANExtension() such that it can be used to get
the SAN extension from a collection of extensions.
- - - - -
74836382 by Endi S. Dewata at 2021-10-20T12:50:28-05:00
Refactor ACMEEngine.parseCSR() (part 1)
The code that gets the SAN extension from a PKCS #10
request has been moved from ACMEEngine.parseCSR() into
CertUtil.getSANExtension() such that it can be reused.
- - - - -
f0acfd39 by Endi S. Dewata at 2021-10-20T12:50:28-05:00
Refactor ACMEEngine.parseCSRSAN()
The ACMEEngine.parseCSRSAN() has been converted into
CertUtil.getDNSNames() such that it can be reused to get
DNS names from a SAN extension.
The error message for unsupported type has been adjusted
such that it's more appropriate for general usage.
- - - - -
49362100 by Endi S. Dewata at 2021-10-20T12:50:28-05:00
Refactor ACMEEngine.parseCSR() (part 2)
The ACMEEngine.parseCSR() has been converted into
CertUtil.getDNSNames() such that it can be reused
to get DNS names from a PKCS #10 request.
- - - - -
aece2460 by Christina Fu at 2021-10-20T11:16:47-07:00
Bug2000184-CMCSharedToken-hsm-nonPSS
The previous patch missed the nonPSS case; this patch simply excludes
the check for the pki_use_pss_rsa_signing_algorithm parameter in
the installation config and only checks for pki_hsm_enable = True
to request for wrapping keys on KRA transport and storage certs.
fixes https://bugzilla.redhat.com/show_bug.cgi?id=2000184
- - - - -
7ebe4de9 by Chris Kelley at 2021-10-21T14:11:47+01:00
Check whether server is alive before asking certbot to register
To diagnose an intermittent CI issue with ACME, we can try to narrow
down the issue by making sure the server is responding before trying to
do anything with certbot. This will tell us that the issue is not
certbot, but either something went wrong in the container or the CI env
itself.
- - - - -
2af01012 by Chris Kelley at 2021-10-21T16:07:27+01:00
Tidy up logic in APolicyRule
* Use ternary operators
* Remove unnecessary Boolean literals
- - - - -
18c36a97 by Endi S. Dewata at 2021-10-21T15:01:52-05:00
Remove unused references to xml-commons-resolver
- - - - -
9f025052 by Endi S. Dewata at 2021-10-21T21:26:28-05:00
Refactor server config folder creation/removal
The code that creates/removes the server config folder/link
in PKIServer and PKIInstance classes has been moved into
create_conf_dir() and remove_conf_dir().
- - - - -
2a1adfcc by Endi S. Dewata at 2021-10-21T21:27:28-05:00
Refactor ServerConfiguration.get_connector()
The ServerConfiguration.get_connector() has been modified
to return None if the requested connector does not exist.
This is more consistent with Python dict.get().
- - - - -
2cc9291a by Chris Kelley at 2021-10-25T18:16:48+01:00
Automatically detect JUnit tests when running build.sh
Currently you have to remember to add new unit tests manually, but now
they will be picked up automatically.
- - - - -
494569f0 by Chris Kelley at 2021-10-25T18:24:59+01:00
Tidy up GPParams
* Make static constants final
* Decrease visibility of no-op constructor
* Remove Boolean literals
* Don't create variables to just return them
- - - - -
0990fee0 by Endi S. Dewata at 2021-10-25T20:47:03-05:00
Update ACME tests
The ACME tests have been modified to save some additional
client artifacts.
- - - - -
650a406c by Endi S. Dewata at 2021-10-26T12:55:57-05:00
Update pki nss-cert-request
Previously the pki nss-cert-request command generated the
cert requests using certutil command. Now it has been updated
to use JSS API.
- - - - -
fd13502c by Endi S. Dewata at 2021-10-26T12:55:57-05:00
Update pki nss-cert-issue
Previously the pki nss-cert-issue command generated the certs
using certutil command. Now it has been updated to use JSS API.
- - - - -
6552c742 by Endi S. Dewata at 2021-10-26T12:55:57-05:00
Fix default cert validity in NSS issuer for ACME
The NSS issuer for ACME has been modified to set the default
cert validity to 3 months instead of relying on certutil's
default cert validity.
- - - - -
3889ff9a by Endi S. Dewata at 2021-10-26T12:55:57-05:00
Fix SAN extension in NSS issuer for ACME
The NSS issuer for ACME has been modified to add a SAN
extension from the DNS names provided in the PKCS #10
request. These DNS names are already validated earlier
so they are safe to use.
- - - - -
a7ef3c68 by Endi S. Dewata at 2021-10-27T10:32:33-05:00
Refactor build jobs
The CI build jobs have been modified to build the packages
before building the containers such that the dependencies
can be stored in the cache using GH action.
- - - - -
66a6e594 by Endi S. Dewata at 2021-10-27T10:32:33-05:00
Cache build dependencies
The CI build jobs have been modified to keep the packages after
installation and to store them in cache (except COPR packages)
to speed up the CI execution. The cache will be invalidated when
the pki.spec is updated.
The build jobs have also been modified to no longer use the
commit ID to avoid calling dnf before restoring the cache.
- - - - -
d375d50d by Chris Kelley at 2021-10-27T17:24:59+01:00
Use human-readable date format on TPS Agent page
Based on patch by czinda, changes made to patch include:
* Use of ternary operator to simplify logic
* Use N/A instead of Date(null), which will print 1st Jan 1970
* Use === instead of ==
* Explicitly define variables
- - - - -
c6185dcc by Endi S. Dewata at 2021-10-27T15:26:49-05:00
Remove unnecessary git dependency in tools tests
- - - - -
7433abae by Endi S. Dewata at 2021-10-27T19:10:46-05:00
Update pki pkcs11-cert-find/show
The pki pkcs11-cert-find/show commands have been modified
to show the cert validity range.
- - - - -
d589f9c5 by Chris Kelley at 2021-10-28T15:40:40+01:00
Remove unused RAAdminServlet
- - - - -
1d50e562 by Endi S. Dewata at 2021-10-28T12:37:39-05:00
Add pki pkcs11 tests
New tests have been added to inspect, export, and remove certs
and keys in internal token and HSM using pki pkcs11 CLIs.
- - - - -
53412b26 by Endi S. Dewata at 2021-10-28T22:46:26-05:00
Update CA clone tests
The CA clone tests have been modified to display the users
and the security domain hosts.
- - - - -
ade79f52 by Endi S. Dewata at 2021-10-29T16:37:41-05:00
Fix pki-server <subsystem>-user-cert description
- - - - -
e4577a03 by Endi S. Dewata at 2021-11-01T09:45:31-05:00
Bump dependency to Python 3.9
- - - - -
db6216f4 by Endi S. Dewata at 2021-11-01T09:45:31-05:00
Clean up log messages
Some log messages have been converted into DEBUG since they
would be more useful for development/troubleshooting. INFO
messages are meant for users so they should be kept simple.
- - - - -
77bb2872 by Endi S. Dewata at 2021-11-01T09:45:31-05:00
Fix Python warnings
FutureWarning: The behavior of this method will change in
future versions. Use specific 'len(elem)' or 'elem is not
None' test instead.
- - - - -
dae4dc45 by Endi S. Dewata at 2021-11-01T11:28:29-05:00
Add pki-server <subsystem>-user-del
The pki-server <subsystem>-user-del has been added to provide
a way for the admin to remove a user from the database while
the server is offline.
- - - - -
f5748b85 by Endi S. Dewata at 2021-11-01T18:28:22-05:00
Update LDAPConfigurator
The customizeFile() and importLDIF() in LDAPConfigurator have
been modified to take a parameter map argument to override the
shared parameter map loaded from the configuration file.
- - - - -
ec45bb54 by Endi S. Dewata at 2021-11-02T14:03:59-05:00
Fix replica reinstallation
The pkispawn and pkidestroy have been modified to ignore
failures caused by adding an entry or attribute that
already exists and to check whether a file exists before
removing it during replica removal and reinstallation.
One of the CA clone tests has been modified to test
removing and reinstalling a replica.
Resolves: https://github.com/dogtagpki/pki/issues/3544
- - - - -
e50f5046 by Endi S. Dewata at 2021-11-03T17:57:33-05:00
Refactor LDAPConfigurator.setupDatabaseManager()
The LDAPConfigurator.setupDatabaseManager() has been modified
to provide a parameter for the database manager DN.
- - - - -
8e8b9a92 by Endi S. Dewata at 2021-11-03T19:11:27-05:00
Bump dependency to Tomcat 9.0.31
The pki.spec has been modified to require Tomcat 9.0.31
to ensure that it works with the "secret" parameter in
the AJP connector.
- - - - -
2c27095e by Chris Kelley at 2021-11-04T11:19:36+00:00
Fixes for classpath on F35+
* Remove JARs that are no longer needed from classpath
* Replace Matcher expectedException.expect() with JUnit's assertThrows()
- - - - -
ba69343c by Endi S. Dewata at 2021-11-04T10:56:09-05:00
Add acme-wait.sh
The acme-wait.sh has been added to wait for the ACME server
to start before running the tests.
- - - - -
567e3fef by Endi S. Dewata at 2021-11-04T14:38:33-05:00
Replace deprecated constants/methods
- - - - -
1e1aaf7c by Endi S. Dewata at 2021-11-04T14:40:38-05:00
Bump dependency to JSS 5.1
- - - - -
e30e785b by Endi S. Dewata at 2021-11-05T10:13:07-05:00
Add pki-server <subsystem>-db-access-grant/revoke
The pki-server <subsystem>-db-access-grant/revoke have been
added to grant/revoke database access to/from a user.
The LDAPConfigurator.setupDatabaseManager() has been renamed
into grantDatabaseAccess(). The revokeDatabaseAccess() has
been added to revert the operation.
The manager.ldif has been renamed to db-access-grant.ldif.
The db-access-revoke.ldif has been added to revert the
changes made by db-access-grant.ldif.
The code that grants the database access has been moved
from pki-server <subsystem>-db-init into configuration.py.
The code has also been modified to use the pki_share_db
and pki_share_dbuser_dn parameters to determine the
database user DN.
- - - - -
28ff081f by Chris Kelley at 2021-11-08T11:05:12+00:00
Remove SHA-1 from signingAlgsAllowed in configuration files
- - - - -
b351a8e0 by Chris Kelley at 2021-11-08T16:13:57+00:00
Introduce SubsystemCLI class to refactor out common code
Start by introducing two new methods:
* initializeJss()
* getEngineConfig()
- - - - -
5cbc4549 by Chris Kelley at 2021-11-08T17:19:39+00:00
Deprecated all SHA-1 constants, classes and enum entries.
- - - - -
8a773d52 by Endi S. Dewata at 2021-11-08T18:24:27-06:00
Add doc for pki-server <subsystem>-db-access
- - - - -
76443812 by Endi S. Dewata at 2021-11-08T18:24:27-06:00
Update log messages in ACME realm
- - - - -
8a011329 by Endi S. Dewata at 2021-11-08T18:24:40-06:00
Fix NPE in NSSDatabase.createCertificate()
- - - - -
8b77756e by Endi S. Dewata at 2021-11-10T11:22:46-06:00
Update NSSDatabase.create_request(), create_cert(), add_cert()
The NSSDatabase.create_request(), create_cert(), and add_cert()
have been modified to provide an option to use JSS-based PKI CLIs
instead of NSS-based certutil to generate a CSR, issue a cert,
and import the cert. In the future the methods will only use the
PKI CLIs since they can support long serial numbers.
The pkispawn has been modified to use the PKI CLIs to generate
the temporary SSL server certificate during installation.
- - - - -
fc3a4a01 by Endi S. Dewata at 2021-11-10T13:36:57-06:00
Clean up help and log messages
- - - - -
fd9b9f56 by Endi S. Dewata at 2021-11-10T17:02:40-06:00
Fix pki-server run
The path for the logging.properties has been changed from
/etc/pki/pki-tomcat to /var/lib/pki/pki-tomcat/conf such that
the server can be run in the foreground using pki-server run.
- - - - -
22d8780f by Endi S. Dewata at 2021-11-10T17:40:59-06:00
Add NSSCertCLI.printCertInfo()
The code that prints the cert info in NSSCertShowCLI has been
moved into NSSCertCLI.printCertInfo().
- - - - -
7a1396e2 by Endi S. Dewata at 2021-11-10T20:54:06-06:00
Remove unused KRAConnector.execute_using_sslget()
- - - - -
33784baa by Endi S. Dewata at 2021-11-11T08:07:41-06:00
Remove pkidaemon status
The pkidaemon status command was already deprecated in PKI 10.
Now the command and the related code have been removed from the
current version.
- - - - -
3e34ed21 by Endi S. Dewata at 2021-11-11T08:09:45-06:00
Remove hard-coded temp SSL server cert params
Previously the parameters for the temp SSL server cert were
hard-coded as follows:
- pki_self_signed_serial_number: 0
- pki_self_signed_validity_period: 12 months
- pki_self_signed_trustargs: CTu,CTu,CTu
The hard-coded values have been removed so it will use the
default values provided by the pki nss-cert commands:
- serial number: 128-bit random integer
- validity: 3 months
- trust attribute: none
The new default values should be fine since the cert will
only exist temporarily during installation.
This change also allows the admin to override the default
values if necessary by specifying these parameters in the
pkispawn configuration.
- - - - -
9452a016 by Endi S. Dewata at 2021-11-11T08:45:38-06:00
Generate warnings for deprecated algorithms on server startup
The PKI server has been modified to generate warnings for
deprecated algorithms in the config files and cert profiles
when the server is started.
- - - - -
c44916c2 by Chris Kelley at 2021-11-11T17:20:21+00:00
Tidy up logic in TBSRequest
* Use ternary operators
- - - - -
8738d185 by Endi S. Dewata at 2021-11-11T13:09:08-06:00
Clean up CMSServlet.auditSubjectID()
- - - - -
000b5e5e by Endi S. Dewata at 2021-11-11T13:45:47-06:00
Clean up SecurityDomainProcessor.addHost()
- - - - -
f3c1270b by Endi S. Dewata at 2021-11-11T13:48:25-06:00
Clean up SecurityDomainProcessor.removeHost()
- - - - -
a0704b0d by Endi S. Dewata at 2021-11-11T16:09:00-06:00
Fix server restart in pkidestroy
pkidestroy has been modified to wait until the server has
completely stopped/started before continuing.
- - - - -
89ada9bb by c-dorney at 2021-11-12T12:20:31+00:00
Fix Bug 2001169 - Audit event 'ACCESS_SESSION_ESTABLISH' is not generating for PKI instances acting as Server [10.2.1] (#3745) (#3763) (#3822)
This fix allows us to actually see ssl connection events in the audit log from the pki /server perspective.
This fix will also require support bug fixes for both jss and tomcatjss.
Added fix for stray alerts showing up after a server is going down.
Sample audit log messages:
0.https-jsse-nio-18443-exec-6 - [29/Sep/2021:21:09:31 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=--][ServerIP=--][SubjectID=CN=PKI Administrator,E=example at testdomain.com,OU=rhcs94-CA-cfu_rsa-nocp11,O=Example-rhcs94-CA_cfu-rsa][Outcome=Success] access session establish success
0.https-jsse-nio-18443-exec-16 - [29/Sep/2021:21:09:32 EDT] [14] [6] [AuditEvent=AUTHZ][SubjectID=$NonRoleUser$][Outcome=Success][aclResource=certServer.ee.profiles][Op=list] authorization success
0.https-jsse-nio-18443-exec-16 - [29/Sep/2021:21:11:34 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=--][ServerIP=--][SubjectID=CN=PKI Administrator,E=example at testdomain.com,OU=rhcs94-CA-cfu_rsa-nocp11,O=Example-rhcs94-CA_cfu-rsa][Outcome=Success][Info=serverAlertReceived: CLOSE_NOTIFY] access session terminated
0.https-jsse-nio-18443-exec-16 - [29/Sep/2021:21:11:34 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=--][ServerIP=--][SubjectID=CN=PKI Administrator,E=example at testdomain.com,OU=rhcs94-CA-cfu_rsa-nocp11,O=Example-rhcs94-CA_cfu-rsa][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminated
- - - - -
ab3caef9 by Chris Kelley at 2021-11-12T15:48:52+00:00
Remove unnecessary boolean literals from WIMasterOrClone
- - - - -
63065ec7 by Chris Kelley at 2021-11-12T16:33:47+00:00
Tidy up logic in SecureChannel
* Remove unnecessary else clauses
* Use ternary operator
* Remove dead code (kill == 1 can never be true)
* Return methods rather than using unnecessary Boolean literals
- - - - -
21cdf393 by Chris Kelley at 2021-11-12T16:57:17+00:00
Tidy up SelfTestSubsystem
* Don't return unnecessary Boolean literals
* Combine identical catch blocks
* Remove unnecessary else clauses
- - - - -
31a223c5 by Chris Kelley at 2021-11-12T17:13:33+00:00
Tidy up OCSPNoCheckExtDefault
* Use Boolean.parseBoolean()
* Remove unnecessary else clauses
* Use ternary operator
- - - - -
d2f34169 by Chris Kelley at 2021-11-12T17:17:54+00:00
Refactor getAuthInfo() into SubsystemCLI to de-duplicate subclass code
- - - - -
8a50a82a by Chris Kelley at 2021-11-15T12:53:14+00:00
Tidy up WizardBasePanel
* Don't return unnecessary Boolean literals
* Use try-with-resources to take advantage of AutoCloseable
* Prevent possible NullPointerException in getErrorMessage()
* Print value of sendStatus before returning
- - - - -
43e194aa by Endi S. Dewata at 2021-11-15T20:43:24+07:00
Add pki nss-cert-find
The pki nss-cert-find command has been added to list certs
in NSS database.
- - - - -
05e5f99f by Endi S. Dewata at 2021-11-15T22:40:06+07:00
Move UpdateDomainXML audit into SecurityDomainProcessor
The audit code in UpdateDomainXML has been moved into
SecurityDomainProcessor such that the audit logs will be
generated properly when the security domain is updated
using pki securitydomain-host-add/del commands which
call the SecurityDomainProcessor as well.
- - - - -
47879e13 by Endi S. Dewata at 2021-11-16T10:44:13+07:00
Refactor PKISubsystem.update_config()
The code that retrieves and validates the master config
params in PKISubsystem.update_config() has been moved
into configuration.py. The remaining code that imports
the master config params has been converted into
import_master_config().
- - - - -
b606b888 by c-dorney at 2021-11-16T10:05:18+00:00
Add retry when adding expired profile (#3806)
- - - - -
b325c0bd by Christina Fu at 2021-11-16T16:40:46-08:00
Bug008162-TPS-profile-enforce-permitted-agents
This patch addresses additional issues for https://bugzilla.redhat.com/show_bug.cgi?id=2001166
This patch specifically addresses the pki cli "tps-cert-find" option.
e.g. # pki -d /opt/pki/certdb -P https -p 25443 -h localhost -c SECret.123 -n 'TPS_AgentV' tps-cert-find --token 40906145C76224192D11
Additional restrictions are added to TokenService.java replaceToken and
removeToken methods
where I do not see direct access to as a "just in case" move.
fixes https://bugzilla.redhat.com/show_bug.cgi?id=2008162
- - - - -
f4a0fb96 by Endi S. Dewata at 2021-11-17T11:49:11-06:00
Add PKISubsystem.setup_replication()
The Java code that sets up replication in SubsystemDBInitCLI
has been moved into SubsystemDBReplicationSetupCLI so that
later it can be reused as a separate CLI. The Python code that
calls SubsystemDBInitCLI with replication params has been moved
into setup_replication() to call SubsystemDBReplicationSetupCLI.
- - - - -
4542e1f5 by Chris Kelley at 2021-11-18T10:46:19+00:00
Tidy up logic in SecureChannelProtocol classes
* Use ternary operator and invert logic
- - - - -
827c0a8c by Endi S. Dewata at 2021-11-18T20:45:29+07:00
Drop preop.internaldb.master
Previously pkispawn would retrieve the internaldb.* params from
the master server and store it under preop.internaldb.master in
the replica's CS.cfg so SubsystemDBReplicationSetupCLI can use
it. Later these params will be removed from CS.cfg.
To minimize changes to the replica's CS.cfg, these params will
now be stored in a separate temporary file instead.
- - - - -
84c375c2 by dpuniaredhat at 2021-11-19T17:43:26+05:30
fix kra key recovery automated test for bugzilla 1392616 (#3847)
Signed-off-by: Deepak Punia <dpunia at redhat.com>
- - - - -
8ff4c469 by Endi S. Dewata at 2021-11-22T13:23:11+07:00
Add default image for runner-init.sh
- - - - -
aba75046 by Endi S. Dewata at 2021-11-22T13:23:15+07:00
Remove default password for ds-container-create.sh
- - - - -
d81f92bc by Chris Kelley at 2021-11-22T10:53:25+00:00
Tidy up CertDateCompare with a ternary operator
- - - - -
15ad1755 by Chris Kelley at 2021-11-22T14:00:05+00:00
Tidy up logic in JssSubsystem
* Remove unnecessary else clauses
* Use ternary operators
* Invert logic where appropriate
* Don't create variable just to return it
- - - - -
fb3490fc by Endi S. Dewata at 2021-11-22T22:28:57+07:00
Switch to Java 17
The pki.spec has been modified to depend on Java 17.
The runner-init.sh has been modified to no longer mount
/sys/fs/cgroup to avoid the following warnings:
Warning: warning][os,container] Duplicate cpuset controllers
detected. Picking /sys/fs/cgroup/cpuset, skipping
/sys/fs/cgroup/cpuset.
- - - - -
900a170d by Endi S. Dewata at 2021-11-23T07:02:10+07:00
Fix Java home in pki.spec
- - - - -
961001ba by Chris Kelley at 2021-11-23T12:18:58+00:00
Replace deprecated Provider constructor
- - - - -
ad7d3104 by Endi S. Dewata at 2021-11-24T13:05:58+07:00
Remove unused instanceId variable
- - - - -
73201aca by Endi S. Dewata at 2021-11-24T17:48:40+07:00
Remove unused Setup class
- - - - -
e54b4997 by Endi S. Dewata at 2021-11-24T18:12:35+07:00
Replace pki_force_destroy param with PKIDeployer.force
- - - - -
072f20ea by Endi S. Dewata at 2021-11-24T19:15:32+07:00
Fix pki_source_profiles and pki_subsystem_profiles_path params
The pki_source_profiles and pki_subsystem_profiles_path params
have been modified not to include the 'ca' folder such that
they can include all folders under 'profiles'.
- - - - -
3df40baf by Endi S. Dewata at 2021-11-24T20:37:23+07:00
Move emails and profiles to config folder
pkispawn has been modified to install the emails and profiles
in the instance's config folder instead of base folder since
they are a part of CA configuration.
For backward compatibility the old folders have been replaced
with links to the new locations.
An upgrade script has been added to relocate the emails and
profiles in existing instances.
- - - - -
ed33158a by Endi S. Dewata at 2021-11-24T23:32:40+07:00
Remove unused subsystem webapp folders
pkispawn has been modified to no longer create the subsystem
webapps folders.
An upgrade script has been added to remove the folders from
existing instances.
- - - - -
757b9f29 by Chris Kelley at 2021-11-24T17:08:09+00:00
Use try-with-resources in KeyRepository
- - - - -
2516ea35 by Chris Kelley at 2021-11-26T12:55:23+00:00
Update version number to 11.1.0-alpha2
- - - - -
2ffa7930 by Endi S. Dewata at 2021-11-29T12:24:36+07:00
Replace pki_remove_logs param with PKIDeployer.remove_logs
- - - - -
25d4bfe5 by Endi S. Dewata at 2021-11-29T12:24:36+07:00
Update log messages in PKIServer class
- - - - -
5946415b by Endi S. Dewata at 2021-11-29T12:24:36+07:00
Add PKIServer.create_logging_properties()
The code that creates a copy of or a link to logging.properties
has been moved into PKIServer.create_logging_properties().
- - - - -
7b7dd0e9 by Endi S. Dewata at 2021-11-29T20:02:26+07:00
Remove unused static info in server.xml
The server.xml has been modified to no longer include some
static info since it can be obtained using pki-server status.
A new upgrade script has been added to remove the unused info
from existing instances.
- - - - -
836e68f2 by Endi S. Dewata at 2021-11-29T20:58:00+07:00
Update SCEP test
The SCEP test has been updated to use the pre-built SSCEP
package from the COPR repository.
- - - - -
616b7a98 by Endi S. Dewata at 2021-11-30T09:10:52+07:00
Remove unused conf.d folder
- - - - -
aacfcc91 by Endi S. Dewata at 2021-11-30T10:38:11+07:00
Add CertUtil.getCommonName()
The code in CertUtil.getDNSNames() that gets the common name
from an X.500 name has been moved into getCommonName().
- - - - -
7fabec41 by Endi S. Dewata at 2021-11-30T20:25:49+07:00
Remove unused Tomcat systemd link
The Tomcat systemd link at /var/lib/pki/<instance>/<instance>
is not used so it has been removed.
An upgrade script has been added to remove the link from
existing instances.
- - - - -
e0ccfa50 by Chris Kelley at 2021-12-01T11:19:43+00:00
Use Python 3 no-arg super() in scripts
- - - - -
8c4c40d9 by Endi S. Dewata at 2021-12-01T19:30:27+07:00
Replace PKI symkey with JSS symkey
https://github.com/dogtagpki/pki/issues/1368
- - - - -
5b43799a by Endi S. Dewata at 2021-12-01T23:08:18+07:00
Remove PKI symkey library
The symkey library has been moved into JSS, so the code and
the package have been removed from PKI.
https://github.com/dogtagpki/pki/issues/1368
- - - - -
a3beb1fd by Endi S. Dewata at 2021-12-02T13:30:57+07:00
Add PKIServer.is_running()
The PKIServer.is_running() has been added to check whether
the server is running.
- - - - -
8f6c0048 by Endi S. Dewata at 2021-12-02T13:36:00+07:00
Update PKIServer.get_sslserver_cert_nickname()
The PKIServer.get_sslserver_cert_nickname() has been modified
to return None if the SSL server certificate is not available
instead of throwing an exception.
- - - - -
4c6d3ffb by Endi S. Dewata at 2021-12-02T23:37:36+07:00
Remove unused RA SelfTest
The RA subsystem was dropped a long time ago, but some of its
code remains because parts of it are still needed by tpsclient.
Other parts of RA that are no longer used such as the SelfTest
can be removed.
- - - - -
4330044a by Endi S. Dewata at 2021-12-07T09:46:30+07:00
Clean up DS scripts
- - - - -
30660b44 by Endi S. Dewata at 2021-12-07T09:46:30+07:00
Update DS scripts
The DS scripts have been modified to support DS server created
from RPM packages or DS container from the specified image.
- - - - -
a9de00ea by Chris Kelley at 2021-12-07T14:26:08+00:00
Use -fstack-protector-strong compiler flag
* Fixes gating issues with annobin
Resolves: #1936636
- - - - -
acac32b1 by Endi S. Dewata at 2021-12-07T21:36:16+07:00
Remove admin PKCS12 password file from examples
The admin PKCS12 password file is only created if the
pki_client_database_purge is set to False, which is not
the default, so the examples have been updated to use
the password directly.
- - - - -
e9636b17 by Endi S. Dewata at 2021-12-07T21:36:16+07:00
Remove pki_client_database_purge from examples
Previously the pki_client_database_purge param was used in
the examples to retain the temporary NSS database used to
generate the admin certificate so it can be reused after
installation. The param has been removed from the examples
since it's recommended to import the admin PKCS12 file
instead of reusing the temporary NSS database.
- - - - -
5c3076e3 by Endi S. Dewata at 2021-12-07T21:36:16+07:00
Remove pki_client_database_password from examples
The pki_client_database_password param has been removed
from examples since it's not used except for installation
with existing certs and standalone installation where the
installation is done in two steps and pkispawn needs to
use the same NSS database password in both steps.
- - - - -
0340ef3e by Chris Kelley at 2021-12-10T12:04:14+00:00
Fix Invalid Date error in TPS UI
Will make unmodified dates show Thu Jan 01 1970 01:00:00 GMT+0100. A
previous attempt tried to show N/A instead but the date is parsed for
some other purpose and this caused an error - so I have modified it to
return a legitimate Date object
- - - - -
60e9051d by Endi S. Dewata at 2021-12-13T08:49:42+07:00
Fix NSSExtensionGenerator.createSANExtension()
Previously the NSSExtensionGenerator.createSANExtension() would
add a SAN extension to all certs or requests created with it.
The code has been modified to add a SAN extension only if the
subjectAltName param is specified. The param currently supports
two options:
- DNS:request_subject_cn which will copy the DNS name from the
CN attribute of the request's subject name
- DNS:request_san_ext which will copy the DNS names from the
request's SAN extension
The sslserver.conf has been modified to use the new param.
- - - - -
edc01f75 by Endi S. Dewata at 2021-12-13T08:49:42+07:00
Add NSSExtensionGenerator.createGenericExtensions()
The NSSExtensionGenerator.createGenericExtensions() has been
added to support user-provided generic extensions such as
Microsoft's SubCA extension.
A new subca_signing.conf has been added as an example.
- - - - -
6c596575 by Endi S. Dewata at 2021-12-13T08:49:42+07:00
Add test for PKI NSS CLI with extensions
A new test has been added to verify that the PKI NSS CLI will
add the cert and request extensions properly according to:
- ca_signing.conf
- subca_signing.conf
- sslserver.conf
- - - - -
da1a8724 by Endi S. Dewata at 2021-12-13T08:51:43+07:00
Update HSM test for PKI NSS CLI
The HSM test for PKI NSS CLI has been updated to issue
an SSL server cert using the CA signing cert in HSM,
then import the cert into HSM as well.
- - - - -
7bb491a9 by Chris Kelley at 2021-12-13T14:52:55+00:00
Remove unused keyId variable
- - - - -
3819c6af by Chris Kelley at 2021-12-13T14:53:08+00:00
Remove unnecessary else clause from KRAService
- - - - -
e98313f8 by Endi S. Dewata at 2021-12-14T02:05:16+07:00
Update log messages in keygen.py
- - - - -
cdf00a3b by Endi S. Dewata at 2021-12-14T09:48:47+07:00
Move CSR/cert extension tests into scripts
- - - - -
ddcd2597 by Endi S. Dewata at 2021-12-14T12:10:00+07:00
Remove hardcoded serials from standalone KRA/OCSP tests
- - - - -
6cbbc45a by Endi S. Dewata at 2021-12-15T19:03:14+07:00
Clean up test for installing KRA on separate instance
- - - - -
9d5876bc by Endi S. Dewata at 2021-12-15T19:03:14+07:00
Add test for installing OCSP on separate instance
- - - - -
91cf9541 by Endi S. Dewata at 2021-12-15T19:03:14+07:00
Add test for installing TKS on separate instance
- - - - -
3237afe7 by Endi S. Dewata at 2021-12-15T19:03:14+07:00
Add test for installing TPS on separate instance
- - - - -
91849932 by Endi S. Dewata at 2021-12-16T01:05:59+07:00
Clean up tests for installing KRA/OCSP with external certs
- - - - -
865ae232 by Endi S. Dewata at 2021-12-16T01:05:59+07:00
Add test for installing TKS with external certs
- - - - -
cea6622f by Endi S. Dewata at 2021-12-16T01:05:59+07:00
Add test for installing TPS with external certs
- - - - -
4af657cb by Christina Fu at 2021-12-16T10:29:29-08:00
Bug2033100-Invalid-subCA-certs-pkispawn-single
This patch takes care of the issue reported in the following bug
Bug 2033100 - Invalid certificates with creation of subCA (pkispawn single step)
where the subject DN of a certificate could be unintentionally recoded.
In addition, I found the CA enrollment profile caInstallCACert.cfg to have
only 2 year validity; also the signingAlgsAllowed list is outdated.
This is also addressed.
fixes https://bugzilla.redhat.com/show_bug.cgi?id=2033100
- - - - -
9f067178 by Endi S. Dewata at 2021-12-20T10:48:50+07:00
Update test for external CA installation
The test for CA installation with external signing cert has
been updated to add a Microsoft Subordinate CA extension in
the CSR and in the issued cert.
The pkispawn default configuration file has been modified to
no longer include the extension since it's already provided
as an example in the subca_signing.conf.
- - - - -
fd11c334 by Endi S. Dewata at 2022-01-04T09:48:19+07:00
Clean up tests
- - - - -
c8b80343 by Endi S. Dewata at 2022-01-04T09:50:27+07:00
Update tests to display subsystem certs
- - - - -
f0ae6acb by Endi S. Dewata at 2022-01-04T09:50:29+07:00
Update log messages in PKIDeployer.setup_cert()
- - - - -
868169d9 by Endi S. Dewata at 2022-01-04T12:04:08+07:00
Consolidate system cert trust flag setup
The code that sets up the trust flags for all system certs
has been moved into PKIDeployer.setup_system_certs().
- - - - -
344edb3c by Endi S. Dewata at 2022-01-04T13:35:08+07:00
Update log messages in tpsclient
- - - - -
72ca49e5 by Endi S. Dewata at 2022-01-04T13:35:10+07:00
Remove unused RA::Initialize()
- - - - -
a126ca3e by Endi S. Dewata at 2022-01-04T13:35:10+07:00
Remove unused RA::Shutdown()
- - - - -
a37924ab by Endi S. Dewata at 2022-01-04T14:11:24+07:00
Remove unused code in CLI wrappers
- - - - -
ed2fd35f by Endi S. Dewata at 2022-01-04T14:21:24+07:00
Remove redundant %jaxrs_api_jar macro
The %jaxrs_api_jar macro is no longer needed since the location
of JAXRS_API_JAR can be found using CMake.
- - - - -
71a8fb6f by Endi S. Dewata at 2022-01-04T14:21:54+07:00
Remove redundant RESTEASY_LIB
The RESTEASY_LIB variable is no longer needed since the location
of RESTEasy can be found using CMake.
- - - - -
d85f70f1 by Endi S. Dewata at 2022-01-04T14:24:59+07:00
Remove redundant PKI_JAVA_PATH
The PKI_JAVA_PATH variable is no longer needed since the location
of the java command can be found using the JAVA_HOME variable.
- - - - -
dee65455 by Endi S. Dewata at 2022-01-04T20:52:39+07:00
Remove unused RA::InitializeInChild()
- - - - -
19630920 by Endi S. Dewata at 2022-01-04T20:52:40+07:00
Remove unused RA::Child_Shutdown()
- - - - -
607da1a2 by Endi S. Dewata at 2022-01-05T02:09:21+07:00
Remove unused RA Processors
- - - - -
3e2841a4 by Endi S. Dewata at 2022-01-05T02:09:24+07:00
Remove unused RA::InitializePublishers()
- - - - -
1e465290 by Endi S. Dewata at 2022-01-05T02:09:26+07:00
Remove unused RA::CleanupPublishers()
- - - - -
b021b3a7 by Endi S. Dewata at 2022-01-05T14:44:36+07:00
Remove unused RA::getPublisherById()
- - - - -
354e1bfd by Endi S. Dewata at 2022-01-05T14:44:38+07:00
Remove unused PublisherEntry
- - - - -
5b7aa51d by Endi S. Dewata at 2022-01-05T14:44:39+07:00
Remove unused NetkeyPublisher
- - - - -
c20630de by Endi S. Dewata at 2022-01-05T14:44:41+07:00
Remove unused IPublisher
- - - - -
e3870923 by Endi S. Dewata at 2022-01-05T19:11:54+07:00
Remove unused LDAP_Authentication
- - - - -
6007a7da by Endi S. Dewata at 2022-01-05T20:50:17+07:00
Remove unused RA::InitializeAuthentication()
- - - - -
b44b453c by Endi S. Dewata at 2022-01-05T21:05:30+07:00
Remove unused RA auth methods and fields
- - - - -
0fa83c59 by Endi S. Dewata at 2022-01-05T22:24:40+07:00
Remove unused AuthenticationEntry
- - - - -
5843668f by Endi S. Dewata at 2022-01-05T22:27:47+07:00
Remove unused Authentication
- - - - -
539f7ce7 by Endi S. Dewata at 2022-01-05T23:13:16+07:00
Remove unused RA::verifySystemCerts()
- - - - -
b0d01d81 by Endi S. Dewata at 2022-01-05T23:13:16+07:00
Remove unused RA::verifySystemCertByNickname()
- - - - -
b761027b by Endi S. Dewata at 2022-01-05T23:51:21+07:00
Remove unused RA::getCertificateUsage()
- - - - -
c754cdc2 by Endi S. Dewata at 2022-01-06T07:29:19+07:00
Remove unused RA::InitializeTokendb()
- - - - -
18d7c306 by Endi S. Dewata at 2022-01-06T07:36:33+07:00
Remove unused RA::tdb_add_token_entry()
- - - - -
4d273ac7 by Endi S. Dewata at 2022-01-06T07:36:33+07:00
Remove unused RA::ra_get_token_status()
- - - - -
900bd55d by Endi S. Dewata at 2022-01-06T07:43:02+07:00
Remove unused RA::ra_tus_has_active_tokens()
- - - - -
4cf06473 by Endi S. Dewata at 2022-01-06T07:47:06+07:00
Remove unused RA::ra_is_token_present()
- - - - -
2c177b9b by Endi S. Dewata at 2022-01-06T07:47:54+07:00
Remove unused RA::ra_is_tus_db_entry_disabled()
- - - - -
5cc30270 by Endi S. Dewata at 2022-01-06T07:49:59+07:00
Remove unused RA::ra_is_token_pin_resetable()
- - - - -
3e9538c1 by Endi S. Dewata at 2022-01-06T07:51:09+07:00
Remove unused RA::ra_is_update_pin_resetable_policy()
- - - - -
6311cb1f by Endi S. Dewata at 2022-01-06T07:52:21+07:00
Remove unused RA::ra_update_token_policy()
- - - - -
0ad26864 by Endi S. Dewata at 2022-01-06T07:53:42+07:00
Remove unused RA::ra_get_token_policy()
- - - - -
88e57119 by Chris Kelley at 2022-01-06T14:20:33+00:00
Force Date(null) for unmodified token timestamps
* Passing the argument directly into the constructor results in Invalid
Date, so for whatever reason it can't be parsed. Get around this by
using Date(null) explicitly, which definitely gives a valid Date
- - - - -
f76a80f8 by Chris Kelley at 2022-01-10T17:36:39+00:00
Remove MD2, MD5 and SHA-1 options from console UI menus.
* These are deprecated so don't allow users to make new use of them
- - - - -
3b1a9e02 by Chris Kelley at 2022-01-10T17:38:13+00:00
Tidy up ProfileApproveServlet
* Remove unused method parameter
* Reorder modifiers to match JLS, use final where appropriate
* Use OP_APPROVE constant
* Simplify logic in auditProfileID()
* Simplify logic in auditProfileOp()
- - - - -
2ce14ff2 by Endi S. Dewata at 2022-01-10T12:36:40-06:00
Remove unused RA::transition_allowed()
- - - - -
88824646 by Endi S. Dewata at 2022-01-10T12:36:40-06:00
Remove unused RA::get_token_state()
- - - - -
caa9078e by Endi S. Dewata at 2022-01-10T12:36:40-06:00
Remove unused RA token methods
- - - - -
d21fea96 by Endi S. Dewata at 2022-01-10T12:36:53-06:00
Remove unused RA::tdb_update()
- - - - -
253fa339 by Endi S. Dewata at 2022-01-10T12:36:53-06:00
Remove unused RA::tdb_update_certificates()
- - - - -
ddd66694 by Endi S. Dewata at 2022-01-10T12:36:53-06:00
Remove unused RA::tdb_activity()
- - - - -
af183214 by Endi S. Dewata at 2022-01-10T13:23:38-06:00
Remove unused RA::setup_audit_log()
- - - - -
9d2a5e41 by Endi S. Dewata at 2022-01-10T13:25:02-06:00
Remove unused RA::enable_audit_logging()
- - - - -
1888f0b6 by Endi S. Dewata at 2022-01-10T13:28:38-06:00
Remove unused RA::InitializeSignedAudit()
- - - - -
3f3263dc by Endi S. Dewata at 2022-01-10T13:29:23-06:00
Remove unused RA::InitializeHttpConnections()
- - - - -
1fa9a443 by Endi S. Dewata at 2022-01-10T13:32:43-06:00
Remove unused RA::IsTpsConfigured()
- - - - -
5ab015e5 by Endi S. Dewata at 2022-01-10T13:33:26-06:00
Remove unused RA::IsTokendbInitialized()
- - - - -
0e8ba8a3 by Endi S. Dewata at 2022-01-10T17:46:20-06:00
Remove unused ECC profiles
The EC<name>.profiles have been removed since they have been
replaced by ecc<name>.profiles. The CI already has an ECC test
which verifies that the CA still works without these files.
See also the following links:
- https://github.com/dogtagpki/pki/wiki/PKI-10.5-pkispawn-ECC-Profile-Workaround
- https://github.com/dogtagpki/pki/issues/3077
- https://github.com/dogtagpki/pki/commit/9a8e54ab9a8f1192c240639c42f8a744160a8ef8
- - - - -
49b1632b by Endi S. Dewata at 2022-01-10T17:54:10-06:00
Clean up system cert profiles
- - - - -
7d3f49fb by Endi S. Dewata at 2022-01-10T18:02:48-06:00
Add doc for system profile changes
- - - - -
b74517cb by Endi S. Dewata at 2022-01-10T19:07:35-06:00
Update ds-container-create.sh to publish LDAP ports
- - - - -
4defa87e by Endi S. Dewata at 2022-01-10T20:40:15-06:00
Clean up CA test with ECC keys
- - - - -
d619511c by Endi S. Dewata at 2022-01-10T20:40:15-06:00
Update CA tests to check system certs
- - - - -
5b436610 by Endi S. Dewata at 2022-01-11T11:36:22-06:00
Remove unused RA::GetLogFile()
- - - - -
8e22bf77 by Endi S. Dewata at 2022-01-11T11:36:27-06:00
Remove unused m_selftest_log
- - - - -
2026b3f8 by Endi S. Dewata at 2022-01-11T11:36:32-06:00
Remove unused RollingLogFile
- - - - -
d99bdb51 by Endi S. Dewata at 2022-01-11T14:10:28-06:00
Remove unused RA::ra_update_token_status_reason_userid()
- - - - -
34c6c73c by Endi S. Dewata at 2022-01-11T14:12:43-06:00
Remove unused RA::ra_update_cert_status()
- - - - -
ae98ccf9 by Endi S. Dewata at 2022-01-11T14:14:48-06:00
Remove unused RA::ra_force_token_format()
- - - - -
1584b163 by Endi S. Dewata at 2022-01-11T18:24:47-06:00
Remove unused RA::ra_allow_token_renew()
- - - - -
97f66775 by Endi S. Dewata at 2022-01-11T18:25:52-06:00
Remove unused RA::ra_allow_token_reenroll()
- - - - -
0958e35f by Endi S. Dewata at 2022-01-13T10:55:25-06:00
Clean up log messages in CAValidityConstraint.validate()
- - - - -
8e613a75 by Endi S. Dewata at 2022-01-13T12:02:15-06:00
Remove unused RA::RunFlushThread()
- - - - -
263e37b9 by Endi S. Dewata at 2022-01-13T12:03:52-06:00
Remove unused RA::getLastSignature()
- - - - -
13cc3711 by Endi S. Dewata at 2022-01-13T12:05:01-06:00
Remove unused RA::IsValidEvent()
- - - - -
69980f27 by Endi S. Dewata at 2022-01-13T12:10:49-06:00
Remove unused RA::Audit()
- - - - -
6d08ab4f by Endi S. Dewata at 2022-01-13T12:14:34-06:00
Remove unused RA::AuditThis()
- - - - -
f93c9669 by Endi S. Dewata at 2022-01-13T12:54:17-06:00
Remove unused RA::SetBufferSize()
- - - - -
a6650cca by Endi S. Dewata at 2022-01-13T12:55:01-06:00
Remove unused RA::SetFlushInterval()
- - - - -
f5c8d95b by Endi S. Dewata at 2022-01-13T12:55:48-06:00
Remove unused RA::FlushAuditLogBuffer()
- - - - -
f1be6ac2 by Endi S. Dewata at 2022-01-13T12:57:07-06:00
Remove unused RA::SignAuditLog()
- - - - -
afdebdb3 by Endi S. Dewata at 2022-01-13T12:57:50-06:00
Remove unused RA::GetAuditSigningMessage()
- - - - -
85bbd616 by Endi S. Dewata at 2022-01-13T12:58:49-06:00
Remove unused RA::IsAuditEventSelected()
- - - - -
86e4c1b7 by Endi S. Dewata at 2022-01-13T13:37:52-06:00
Remove unused RA audit methods
- - - - -
a4f42e4f by Endi S. Dewata at 2022-01-13T13:38:00-06:00
Remove unused RA audit fields
- - - - -
c259e07d by Endi S. Dewata at 2022-01-13T13:42:12-06:00
Remove unused audit.h
- - - - -
697e54f5 by Endi S. Dewata at 2022-01-13T14:30:40-06:00
Remove unused RA::testTokendb()
- - - - -
a4b4d20f by Endi S. Dewata at 2022-01-13T14:32:03-06:00
Remove unused RA::ra_find_tus_certificate_entries_by_order_no_vlv()
- - - - -
861b31d4 by Endi S. Dewata at 2022-01-13T14:33:13-06:00
Remove unused RA::ra_find_tus_certificate_entries_by_order()
- - - - -
820783eb by Endi S. Dewata at 2022-01-13T14:34:26-06:00
Remove unused RA::ra_find_tus_token_entries_no_vlv()
- - - - -
a564d78f by Endi S. Dewata at 2022-01-13T14:36:15-06:00
Remove unused RA::ra_find_tus_token_entries()
- - - - -
7f8ddf4b by Endi S. Dewata at 2022-01-13T14:37:38-06:00
Remove unused RA::ra_get_token_reason()
- - - - -
b7a53829 by Endi S. Dewata at 2022-01-13T14:38:46-06:00
Remove unused RA::ra_get_token_userid()
- - - - -
1d1fdcbc by Endi S. Dewata at 2022-01-13T17:14:38-06:00
Remove unused RA::ra_get_cert_cn()
- - - - -
5b574e8a by Endi S. Dewata at 2022-01-13T17:15:33-06:00
Remove unused RA::ra_get_cert_status()
- - - - -
12ca3337 by Endi S. Dewata at 2022-01-13T17:16:39-06:00
Remove unused RA::ra_get_cert_type()
- - - - -
f4d277c8 by Endi S. Dewata at 2022-01-13T17:17:32-06:00
Remove unused RA::ra_get_cert_serial()
- - - - -
c248ea3a by Endi S. Dewata at 2022-01-13T17:18:24-06:00
Remove unused RA::ra_get_cert_issuer()
- - - - -
3c73ea6f by Endi S. Dewata at 2022-01-13T17:19:34-06:00
Remove unused RA::ra_delete_certificate_entry()
- - - - -
2b233662 by Endi S. Dewata at 2022-01-13T17:21:20-06:00
Remove unused RA::ra_get_certificates()
- - - - -
fbb47419 by Endi S. Dewata at 2022-01-13T19:53:20-06:00
Remove unused RA::ra_get_number_of_entries()
- - - - -
b81b8fce by Endi S. Dewata at 2022-01-13T19:56:13-06:00
Remove unused RA::SetGlobalSecurityLevel()
- - - - -
2d951e45 by Endi S. Dewata at 2022-01-13T19:57:19-06:00
Remove unused RA::GetGlobalSecurityLevel()
- - - - -
31267459 by Endi S. Dewata at 2022-01-13T20:03:12-06:00
Remove unused tus_authenticate()
- - - - -
c2ce9c89 by Endi S. Dewata at 2022-01-13T20:04:08-06:00
Remove unused tus_authorize()
- - - - -
d471dcd2 by Endi S. Dewata at 2022-01-13T20:05:02-06:00
Remove unused update_token_status_reason()
- - - - -
b8fca9a8 by Endi S. Dewata at 2022-01-13T20:49:49-06:00
Remove unused add_user_db_entry()
- - - - -
9ecac842 by Endi S. Dewata at 2022-01-13T20:51:12-06:00
Remove unused update_user_db_entry()
- - - - -
e6105091 by Endi S. Dewata at 2022-01-13T20:51:59-06:00
Remove unused add_user_to_role_db_entry()
- - - - -
fa337978 by Endi S. Dewata at 2022-01-13T20:52:50-06:00
Remove unused add_profile_to_user()
- - - - -
15e642b2 by Endi S. Dewata at 2022-01-13T20:55:13-06:00
Remove unused check_and_modify_tus_db_entry()
- - - - -
3ff9c296 by Endi S. Dewata at 2022-01-13T20:55:42-06:00
Remove unused modify_tus_db_entry()
- - - - -
a2b3fa96 by Endi S. Dewata at 2022-01-13T20:56:40-06:00
Remove unused update_tus_db_entry_with_mods()
- - - - -
537540f5 by Endi S. Dewata at 2022-01-13T20:57:37-06:00
Remove unused update_tus_db_entry()
- - - - -
afa2a537 by Endi S. Dewata at 2022-01-14T08:19:06-06:00
Remove unused get_authorized_profiles()
- - - - -
d51f8543 by Endi S. Dewata at 2022-01-14T08:19:57-06:00
Remove unused find_tus_user_role_entries()
- - - - -
4b04661f by Endi S. Dewata at 2022-01-14T08:19:58-06:00
Remove unused find_tus_user_entries_no_vlv()
- - - - -
c4efcfaf by Endi S. Dewata at 2022-01-14T08:19:58-06:00
Remove unused find_tus_certificate_entries()
- - - - -
93d91359 by Endi S. Dewata at 2022-01-14T08:20:59-06:00
Remove unused find_tus_activity_entries_no_vlv()
- - - - -
7d251c6c by Endi S. Dewata at 2022-01-14T08:21:45-06:00
Remove unused find_tus_activity_entries_pcontrol_1()
- - - - -
4a84643f by Endi S. Dewata at 2022-01-14T08:22:30-06:00
Remove unused find_tus_activity_entries()
- - - - -
12956583 by Endi S. Dewata at 2022-01-14T08:23:21-06:00
Remove unused find_tus_db_entries_pcontrol_1()
- - - - -
8b9e1a23 by Endi S. Dewata at 2022-01-14T08:23:58-06:00
Remove unused find_tus_db_entries()
- - - - -
05044924 by Endi S. Dewata at 2022-01-14T09:15:16-06:00
Remove unused base/tps-client/tools/tus
- - - - -
a43fb2df by Endi S. Dewata at 2022-01-14T09:15:16-06:00
Remove unused allow_token_enroll_policy()
- - - - -
e81027fd by Endi S. Dewata at 2022-01-14T09:15:16-06:00
Remove unused find_tus_db_entry()
- - - - -
1ab01402 by Endi S. Dewata at 2022-01-14T09:16:22-06:00
Remove unused add_default_tus_db_entry()
- - - - -
45e1a793 by Endi S. Dewata at 2022-01-14T09:17:34-06:00
Remove unused add_tus_db_entry()
- - - - -
8b70755e by Endi S. Dewata at 2022-01-14T09:18:16-06:00
Remove unused add_certificate()
- - - - -
596cdd0e by Endi S. Dewata at 2022-01-14T09:18:56-06:00
Remove unused add_activity()
- - - - -
70c076d9 by Endi S. Dewata at 2022-01-14T09:19:37-06:00
Remove unused add_tus_general_db_entry()
- - - - -
76cca37a by Endi S. Dewata at 2022-01-14T10:21:18-06:00
Remove unused create_modification_date_change()
- - - - -
2383e465 by Endi S. Dewata at 2022-01-14T10:22:08-06:00
Remove unused delete_all_profiles_from_user()
- - - - -
5892a9aa by Endi S. Dewata at 2022-01-14T10:22:55-06:00
Remove unused delete_profile_from_user()
- - - - -
777111d1 by Endi S. Dewata at 2022-01-14T10:23:34-06:00
Remove unused delete_user_from_role_db_entry()
- - - - -
b2b72c98 by Endi S. Dewata at 2022-01-14T10:24:56-06:00
Remove unused delete_user_db_entry()
- - - - -
2280f9a2 by Endi S. Dewata at 2022-01-14T10:25:35-06:00
Remove unused delete_tus_db_entry()
- - - - -
715c8b0e by Endi S. Dewata at 2022-01-14T10:26:17-06:00
Remove unused delete_tus_general_db_entry()
- - - - -
885a2c93 by Endi S. Dewata at 2022-01-14T10:27:21-06:00
Remove unused update_tus_general_db_entry()
- - - - -
eef5ba01 by Endi S. Dewata at 2022-01-14T11:34:30-06:00
Refactor Configurator.loadCert()
The code in Configurator.loadCert() has been moved into
CAConfigurator.loadCert() since only CA needs to import
existing system certs into the certificate repository.
- - - - -
7c2b97aa by Endi S. Dewata at 2022-01-14T11:40:32-06:00
Clean up PKIDeployer.setup_cert()
The PKIDeployer.setup_cert() has been modified to return
early for non-CA external/standalone installation since the
system certs are already provided so there is nothing more
to be done in this case.
- - - - -
487c4d0c by Endi S. Dewata at 2022-01-14T14:47:43-06:00
Add test for CA installation with CMC
- - - - -
afa6f72c by Endi S. Dewata at 2022-01-14T14:50:20-06:00
Refactor CAConfigurator.importCert()
The code in CAConfigurator.importCert() that checks whether the
cert to be imported is internal/external has been moved to the
caller.
- - - - -
6cefff4c by Endi S. Dewata at 2022-01-14T14:50:20-06:00
Add log messages in NSSDatabase.createRequest()
- - - - -
697dc5f2 by Endi S. Dewata at 2022-01-14T14:50:20-06:00
Remove references to IRegistrationAuthority in base/ca
- - - - -
1f6c71f7 by Endi S. Dewata at 2022-01-14T14:50:20-06:00
Remove references to IRegistrationAuthority in base/server
- - - - -
49e3600d by Endi S. Dewata at 2022-01-14T14:50:20-06:00
Remove unused IRegistrationAuthority
- - - - -
a8df75a5 by Endi S. Dewata at 2022-01-14T14:50:20-06:00
Remove unused IRAService
- - - - -
6f857f8c by Endi S. Dewata at 2022-01-14T18:24:52-06:00
Remove unused base/tps-client/src/test
- - - - -
60e9947d by Endi S. Dewata at 2022-01-14T18:25:34-06:00
Remove unused base/tps-client/src/include/service
- - - - -
9af6e649 by Endi S. Dewata at 2022-01-14T18:26:54-06:00
Remove unused base/tps-client/src/include/modules/tps
- - - - -
e1c7bcd3 by Endi S. Dewata at 2022-01-14T18:36:09-06:00
Remove unused RA::ra_get_attribute_values()
- - - - -
cf1d9152 by Endi S. Dewata at 2022-01-14T18:36:09-06:00
Remove unused get_number_of_*()
- - - - -
f703ea60 by Endi S. Dewata at 2022-01-14T18:45:36-06:00
Remove unused get_tus_db_config()
- - - - -
f493b486 by Endi S. Dewata at 2022-01-14T18:45:36-06:00
Remove unused set_tus_db_*()
- - - - -
15698d81 by Endi S. Dewata at 2022-01-14T18:48:06-06:00
Remove unused tus_check_conn()
- - - - -
c9382702 by Endi S. Dewata at 2022-01-14T18:48:06-06:00
Remove unused ldap_sort_entries()
- - - - -
40147470 by Endi S. Dewata at 2022-01-14T18:49:14-06:00
Remove unused base64_decode()
- - - - -
ce7edec9 by Endi S. Dewata at 2022-01-17T11:08:28-06:00
Remove unused tus_print_integer()
- - - - -
35247df5 by Endi S. Dewata at 2022-01-17T11:08:28-06:00
Remove unused tus_print_as_hex()
- - - - -
2d19c34f by Endi S. Dewata at 2022-01-17T11:30:23-06:00
Remove unused tus_db_init() and is_tus_db_initialized()
- - - - -
90528db8 by Endi S. Dewata at 2022-01-17T11:32:41-06:00
Remove unused tus_db_end() and tus_db_cleanup()
- - - - -
91800041 by Endi S. Dewata at 2022-01-17T11:39:22-06:00
Remove unused get_pwd_from_conf() and ReadLine()
- - - - -
1f05ff49 by Endi S. Dewata at 2022-01-17T11:41:31-06:00
Remove unused audit_log()
- - - - -
62a0877c by Endi S. Dewata at 2022-01-17T11:41:31-06:00
Remove unused et_cmp(), sort_cmp(), and reverse_sort_cmp()
- - - - -
784b965d by Endi S. Dewata at 2022-01-17T11:41:31-06:00
Remove unused allocate_values() and free_values()
- - - - -
9b3ce418 by Endi S. Dewata at 2022-01-17T11:41:31-06:00
Remove unused allocate_modifications() and free_modifications()
- - - - -
9b8fbdad by Endi S. Dewata at 2022-01-17T13:29:24-06:00
Remove unused token methods
- - - - -
9019a51b by Endi S. Dewata at 2022-01-17T13:30:59-06:00
Remove unused get_cert_attr_byname() and get_cert_attr_byname_int()
- - - - -
dce6c3ce by Endi S. Dewata at 2022-01-17T13:37:14-06:00
Remove unused LDAP methods
- - - - -
b62c2e9c by Endi S. Dewata at 2022-01-17T14:08:17-06:00
Remove unused valid_berval()
- - - - -
b2e53c69 by Endi S. Dewata at 2022-01-17T15:14:00-06:00
Remove unused token database
- - - - -
88b431b5 by Endi S. Dewata at 2022-01-17T16:51:29-06:00
Add PKIDeployer.create_cert_setup_request()
The code in PKIDeployer.setup_cert() that creates the request
object has been moved into create_cert_setup_request().
- - - - -
ff29e966 by Endi S. Dewata at 2022-01-17T17:57:21-06:00
Add SystemCertData.keyType
The SystemCertData.keyType has been added to pass the cert's
key type to the server.
- - - - -
c27d15f6 by Endi S. Dewata at 2022-01-17T17:57:28-06:00
Add SystemCertData.ecType
The SystemCertData.ecType has been added to pass the cert's
EC type to the server.
- - - - -
c78d594f by Endi S. Dewata at 2022-01-17T17:57:32-06:00
Add SystemCertData.keyAlgorithm
The SystemCertData.keyAlgorithm has been added to pass the
cert's key algorithm to the server.
- - - - -
84cb9380 by Endi S. Dewata at 2022-01-17T17:57:37-06:00
Refactor ConfigClient.set_ca_signing_cert_info()
The code in ConfigClient.set_ca_signing_cert_info() that
stores the extension params into SystemCertData has been
moved into PKIDeployer.create_cert_setup_request().
- - - - -
a0894e13 by Endi S. Dewata at 2022-01-17T17:57:37-06:00
Remove unused Configurator.getNickname()
- - - - -
ec9f41a9 by Endi S. Dewata at 2022-01-17T19:51:39-06:00
Add test for KRA installation with CMC
- - - - -
07ea2684 by Endi S. Dewata at 2022-01-17T19:51:55-06:00
Remove unused Configurator.deleteDir()
- - - - -
cf6b35a9 by Endi S. Dewata at 2022-01-17T19:51:55-06:00
Remove unused Configurator.getHostInfo()
- - - - -
8e242e39 by Endi S. Dewata at 2022-01-17T20:49:24-06:00
Remove unused CertEnroll
- - - - -
3526ae3e by Endi S. Dewata at 2022-01-17T21:00:00-06:00
Remove unused RA::GetCAConn() and RA::ReturnCAConn()
- - - - -
711b0d67 by Endi S. Dewata at 2022-01-17T21:00:00-06:00
Remove unused RA::GetPodIndex() and RA::SetPodIndex()
- - - - -
3fc97be6 by Endi S. Dewata at 2022-01-17T21:00:00-06:00
Remove unused RA::GetConfigLock()
- - - - -
b5e3d117 by Endi S. Dewata at 2022-01-17T21:00:00-06:00
Add SystemCertData.requestType
The SystemCertData.requestType has been added to pass the
cert's request type to the server.
- - - - -
0b5cf792 by Endi S. Dewata at 2022-01-18T13:24:32-06:00
Refactor SystemConfigService.setupAdmin() (part 1)
The SystemConfigService.setupAdmin() has been modified to
take a CertificateSetupRequest object.
- - - - -
88f1b737 by Endi S. Dewata at 2022-01-18T13:24:45-06:00
Refactor SystemConfigService.setupAdmin() (part 2)
The SystemConfigService.setupAdmin() has been modified to
return a SystemCertData object.
- - - - -
42f5a0c9 by Endi S. Dewata at 2022-01-18T13:24:55-06:00
Remove unused AdminSetupRequest and AdminSetupResponse
- - - - -
36d8406e by Endi S. Dewata at 2022-01-18T13:24:58-06:00
Remove unused CertificateSetupResponse
- - - - -
9c89ffd1 by Endi S. Dewata at 2022-01-18T13:42:51-06:00
Exclude .git folder from Eclipse project
- - - - -
e0a65081 by Endi S. Dewata at 2022-01-18T16:26:00-06:00
Refactor Configurator.createCertRequest()
The Configurator.createCertRequest() has been renamed and
changed to return a PKCS10 object.
- - - - -
df2ca173 by Endi S. Dewata at 2022-01-18T16:43:57-06:00
Refactor CryptoUtil.createX509CertInfo()
The CryptoUtil.createX509CertInfo() has been modified to take
an X500Name subject.
- - - - -
1eb25938 by Endi S. Dewata at 2022-01-18T17:39:03-06:00
Refactor Configurator.createLocalCert()
The Configurator.createLocalCert() has been modified to take
an X500Name issuer.
- - - - -
cf84de3a by Endi S. Dewata at 2022-01-19T10:10:14-06:00
Clean up log messages in Configurator
- - - - -
6a2442da by Endi S. Dewata at 2022-01-19T12:01:24-06:00
Refactor Configurator.createCert()
The Configurator.createCert() has been modified to take an
X509Key object, key algorithm, and an X500Name subject.
- - - - -
2a86d1ad by Endi S. Dewata at 2022-01-19T12:01:24-06:00
Refactor Configurator.setupCert()
The code in Configurator.setupCert() that creates a local or
self-signed cert in CA has been moved into CAConfigurator.
- - - - -
efe503d8 by Endi S. Dewata at 2022-01-19T12:10:16-06:00
Display cert request IDs in hex
- - - - -
2f2bb550 by Endi S. Dewata at 2022-01-19T12:10:16-06:00
Update CA tests to show the certs and cert requests
- - - - -
7e0937a3 by Endi S. Dewata at 2022-01-19T13:31:10-06:00
Add test for OCSP installation with CMC
- - - - -
33d89363 by Endi S. Dewata at 2022-01-19T14:07:27-06:00
Add CAConfigurator.createRequestID()
The code that creates the cert request ID has been moved
into CAConfigurator.createRequestID().
- - - - -
8c986b82 by Endi S. Dewata at 2022-01-19T14:07:31-06:00
Add CAConfigurator.createCertID()
The code that creates the cert ID has been moved into
CAConfigurator.createCertID().
- - - - -
92001b1d by Endi S. Dewata at 2022-01-19T14:07:31-06:00
Merge Repository.initCacheIfNeeded() into initCache()
- - - - -
c671227e by Endi S. Dewata at 2022-01-19T14:07:31-06:00
Remove --debug from pki-healthcheck invocations
- - - - -
7d7552ad by Endi S. Dewata at 2022-01-20T10:53:25-06:00
Add test for CA with random serial number v1
- - - - -
4055d33a by Endi S. Dewata at 2022-01-20T12:23:33-06:00
Update PyDev configuration
- - - - -
4783bd0f by Endi S. Dewata at 2022-01-20T14:46:45-06:00
Update server hostname in examples
- - - - -
80ba2ce5 by Endi S. Dewata at 2022-01-20T14:48:12-06:00
Display request IDs in hex
- - - - -
af6310e6 by Endi S. Dewata at 2022-01-20T14:58:58-06:00
Rename trust attributes to trust flags for consistency
- - - - -
d47b9d56 by Endi S. Dewata at 2022-01-20T18:57:24-06:00
Remove unused IHttpConnFactory
- - - - -
eae7b524 by Endi S. Dewata at 2022-01-20T18:57:35-06:00
Move IHttpConnection to pki-server
- - - - -
ec75480e by Endi S. Dewata at 2022-01-20T18:57:44-06:00
Move IKeyRepository to pki-server
- - - - -
a6a1226f by Endi S. Dewata at 2022-01-20T18:57:44-06:00
Move IKeyRecordList to pki-server
- - - - -
c7b82a47 by Endi S. Dewata at 2022-01-20T18:57:44-06:00
Move IKeyRecord to pki-server
- - - - -
9611e3fa by Endi S. Dewata at 2022-01-20T18:57:44-06:00
Move IRepository to pki-server
- - - - -
34a13562 by Endi S. Dewata at 2022-01-20T18:57:44-06:00
Move IRepositoryRecord to pki-server
- - - - -
923af2b2 by Endi S. Dewata at 2022-01-20T18:57:44-06:00
Move ICRLIssuingPointRecord to pki-server
- - - - -
f7f142b1 by Endi S. Dewata at 2022-01-20T18:57:44-06:00
Move IDBVirtualList to pki-server
- - - - -
4065e1a0 by Endi S. Dewata at 2022-01-20T18:57:44-06:00
Move IDBObj to pki-server
- - - - -
32069ea3 by Endi S. Dewata at 2022-01-20T18:57:44-06:00
Move IPolicy to pki-server
- - - - -
5e069b96 by Endi S. Dewata at 2022-01-20T18:57:44-06:00
Move INotify to pki-server
- - - - -
26325886 by Endi S. Dewata at 2022-01-20T18:57:44-06:00
Move IResender to pki-server
- - - - -
7fdf548b by Endi S. Dewata at 2022-01-21T10:26:05-06:00
Move Repository.mEnableRandomSerialNumbers
The Repository.mEnableRandomSerialNumbers has been moved into
CertificateRepository since it's only used by that class.
The getRangeLength(), getRandomLimit(), and getNumbersInRange()
methods have been added to encapsulate class-specific code.
- - - - -
c5192f98 by Endi S. Dewata at 2022-01-21T10:32:30-06:00
Move IHttpPKIMessage to pki-server
- - - - -
128f9e35 by Endi S. Dewata at 2022-01-21T10:32:30-06:00
Move IPKIMessage to pki-server
- - - - -
0fc4ab20 by Endi S. Dewata at 2022-01-21T10:32:30-06:00
Move IRequest to pki-server
- - - - -
ddc2ead4 by Endi S. Dewata at 2022-01-21T10:32:30-06:00
Move IConnectionFactory to pki-console
- - - - -
ba8a4409 by Endi S. Dewata at 2022-01-21T10:32:30-06:00
Move IConnection to pki-console
- - - - -
6024d5ac by Endi S. Dewata at 2022-01-21T10:32:30-06:00
Move IAuthenticator to pki-console
- - - - -
02f78907 by Endi S. Dewata at 2022-01-21T13:55:18-06:00
Add test for cert key archival
- - - - -
b6cf9e62 by Endi S. Dewata at 2022-01-21T14:40:04-06:00
Move ITransportKeyUnit to pki-server
- - - - -
d6ae1bde by Endi S. Dewata at 2022-01-21T14:40:49-06:00
Move IStorageKeyUnit to pki-server
- - - - -
0add1ee6 by Endi S. Dewata at 2022-01-21T14:41:22-06:00
Move IEncryptionUnit to pki-server
- - - - -
9913d027 by Endi S. Dewata at 2022-01-21T14:41:55-06:00
Move IToken to pki-server
- - - - -
01c078d5 by Endi S. Dewata at 2022-01-21T14:42:27-06:00
Move ICryptoSubsystem to pki-server
- - - - -
ccdbf7a0 by Endi S. Dewata at 2022-01-21T16:39:59-06:00
Move CertRequestRepository.initRequest() to CAConfigurator
- - - - -
67ac0731 by Endi S. Dewata at 2022-01-21T16:39:59-06:00
Move CertRequestRepository.updateRequest() to CAConfigurator
- - - - -
39eb4d4a by Endi S. Dewata at 2022-01-21T16:39:59-06:00
Refactor ISubsystem.init()
The ISubsystem.init() has been modified to throw generic
exceptions.
- - - - -
7b9e5eaa by Endi S. Dewata at 2022-01-21T16:39:59-06:00
Add Repository.init()
The Repository.init() has been added to encapsulate repository
initialization.
- - - - -
ddef528d by Endi S. Dewata at 2022-01-25T13:49:57-06:00
Remove unused RA::match_comma_list()
- - - - -
d0a39f7b by Endi S. Dewata at 2022-01-25T13:50:59-06:00
Remove unused RA::remove_from_comma_list()
- - - - -
5cdcc4fe by Endi S. Dewata at 2022-01-25T13:51:42-06:00
Remove unused RA::do_free()
- - - - -
57a90c18 by Endi S. Dewata at 2022-01-25T14:15:57-06:00
Remove unused RA::ComputeSessionKey()
- - - - -
22f733f4 by Endi S. Dewata at 2022-01-25T14:19:37-06:00
Remove unused RA::CreateDesKey24Byte()
- - - - -
87ea66a7 by Endi S. Dewata at 2022-01-25T14:21:45-06:00
Remove unused RA::ComputeHostCryptogram()
- - - - -
2cd44e54 by Endi S. Dewata at 2022-01-25T14:23:12-06:00
Remove unused RA::RecoverKey()
- - - - -
b5d67ccb by Endi S. Dewata at 2022-01-25T14:27:12-06:00
Remove unused RA::FindSymKeyByName()
- - - - -
6fda6975 by Endi S. Dewata at 2022-01-25T14:28:43-06:00
Remove unused RA::ServerSideKeyGen()
- - - - -
5558c5ba by Endi S. Dewata at 2022-01-25T15:59:31-06:00
Remove unused RA::Failover()
- - - - -
c24c8e75 by Endi S. Dewata at 2022-01-25T16:00:09-06:00
Remove unused RA DRM connection objects
- - - - -
38e90e36 by Endi S. Dewata at 2022-01-25T16:00:11-06:00
Remove unused RA TKS connection objects
- - - - -
21d34750 by Endi S. Dewata at 2022-01-25T16:00:29-06:00
Remove unused RA CA connection objects
- - - - -
6d510bee by Endi S. Dewata at 2022-01-25T16:00:30-06:00
Remove unused RA::GetCurrentIndex() and SetCurrentIndex()
- - - - -
8a033609 by Endi S. Dewata at 2022-01-25T16:08:21-06:00
Remove unused RA httpSend()
- - - - -
772abcec by Endi S. Dewata at 2022-01-25T16:08:24-06:00
Remove unused RA HttpConnection
- - - - -
2a580085 by Endi S. Dewata at 2022-01-26T09:50:57-06:00
Add test for CA with file-based CRL publishing
- - - - -
0d995e43 by Endi S. Dewata at 2022-01-26T12:49:14-06:00
Remove unused RA ConnectionInfo
- - - - -
7e0649bd by Endi S. Dewata at 2022-01-26T13:06:55-06:00
Remove unused RA Secure_Channel
- - - - -
7bad3af0 by Endi S. Dewata at 2022-01-26T13:06:58-06:00
Remove unused RA Channel
- - - - -
6730d890 by Endi S. Dewata at 2022-01-26T13:06:58-06:00
Remove unused RA::isAlgorithmECC()
- - - - -
b8cca887 by Endi S. Dewata at 2022-01-26T13:15:19-06:00
Remove unused RA::GetConfigStore()
- - - - -
c7a8d710 by Endi S. Dewata at 2022-01-26T13:15:19-06:00
Remove unused RA ConfigStore
- - - - -
24e7440a by Endi S. Dewata at 2022-01-26T13:15:19-06:00
Remove unused RA PKCS11Obj
- - - - -
09fe5f07 by Endi S. Dewata at 2022-01-26T13:15:19-06:00
Remove unused RA IConnector and IPublish_Data
- - - - -
f0ef4c42 by Endi S. Dewata at 2022-01-26T14:15:50-06:00
Remove unused RA ObjectSpec
- - - - -
b4e61bef by Endi S. Dewata at 2022-01-26T14:18:57-06:00
Remove unused RA AttributeSpec
- - - - -
3aeb3b22 by Endi S. Dewata at 2022-01-26T14:19:10-06:00
Remove unused RA Login
- - - - -
554d45f0 by Endi S. Dewata at 2022-01-26T14:20:51-06:00
Remove unused RA SecureId
- - - - -
e0a86dc2 by Endi S. Dewata at 2022-01-26T14:22:26-06:00
Remove unused RA_Session
- - - - -
b336a255 by Endi S. Dewata at 2022-01-26T14:23:54-06:00
Remove unused RA_pblock
- - - - -
a5187e12 by Endi S. Dewata at 2022-01-26T14:29:20-06:00
Remove unused PSHttpServer::putFile()
- - - - -
4dea5401 by Endi S. Dewata at 2022-01-26T14:33:37-06:00
Remove unused HttpEngine::makeRequest()
- - - - -
6064e633 by Endi S. Dewata at 2022-01-26T14:46:51-06:00
Remove unused PSHttpResponse
- - - - -
66ca520f by Endi S. Dewata at 2022-01-26T14:55:45-06:00
Remove unused PSHttpRequest
- - - - -
fdb366b1 by Endi S. Dewata at 2022-01-26T14:56:08-06:00
Remove unused HttpEngine
- - - - -
f6b2dac5 by Endi S. Dewata at 2022-01-26T15:01:57-06:00
Remove unused PSHttpServer
- - - - -
f59f65c0 by Endi S. Dewata at 2022-01-26T16:06:15-06:00
Remove unused RA httpClient
- - - - -
93032b9a by Endi S. Dewata at 2022-01-26T16:09:12-06:00
Remove unused RA::GetVerifyLock()
- - - - -
c61c7ab6 by Endi S. Dewata at 2022-01-26T16:13:07-06:00
Remove unused RA::Error()
- - - - -
875c6aa1 by Endi S. Dewata at 2022-01-26T16:19:52-06:00
Remove unused RA::Debug()
- - - - -
9355673f by Endi S. Dewata at 2022-01-27T08:22:44-06:00
Remove unused RA LogFile
- - - - -
011454a9 by Endi S. Dewata at 2022-01-27T08:22:46-06:00
Remove unused RA_Context
- - - - -
d497bd20 by Endi S. Dewata at 2022-01-27T08:22:47-06:00
Remove unused RA class
- - - - -
f1f42da8 by Endi S. Dewata at 2022-01-27T10:19:25-06:00
Remove unused base/tps-client/scripts
- - - - -
c10b2560 by Endi S. Dewata at 2022-01-27T10:19:47-06:00
Remove unused base/tps-client/wrappers
- - - - -
b208265b by Endi S. Dewata at 2022-01-28T12:50:47-06:00
Fix pki-healthcheck for clones
Previously the ClonesConnectivyAndDataCheck.check_kra_clones()
was trying to check KRA clone status by retrieving a key using
the subsystem cert. This operation did not work since the user
associated with the cert did not have access to the keys. The
code has been changed to get the status from GetStatus service
instead. The original code might be moved into IPA later so it
could run with IPA's RA agent credentials which would allow
access to the keys.
Previously the ClonesPlugin.contact_subsystem_using_sslget()
used sslget to call GetStatus service and returned the entire
output which was then incorrectly processed in XML format. The
method has been renamed to get_status() and changed to use
PKIConnection and process the response in either JSON or XML
format, then only return the subsystem status. All callers
have been updated accordingly.
The ClonesPlugin.contact_subsystem_using_pki() is no longer
used so it has been removed.
- - - - -
3b2850f0 by Endi S. Dewata at 2022-01-28T12:50:47-06:00
Update tests for pki-healthcheck
The clone tests have been modified to run pki-healthcheck.
All pki-healthcheck invocations have been modified to show
only the failures.
- - - - -
3cc4a73b by Endi S. Dewata at 2022-01-28T13:22:22-06:00
Clean up SecurityDomain.deregister()
The SecurityDomain.deregister() has been modified to use the
same name that was used for joining the security domain. The
list, ncsport, adminsport, agentsport params are not used so
they have been removed.
- - - - -
dfccd846 by Endi S. Dewata at 2022-01-28T15:15:13-06:00
Fix PyDev warnings
- - - - -
b9637e59 by Endi S. Dewata at 2022-02-01T09:16:33-06:00
Replace deprecated distutils.sysconfig.get_python_lib()
The distutils.sysconfig.get_python_lib() has been deprecated
so it has been replaced with sysconfig.get_path('purelib').
https://bugs.python.org/issue41282
https://www.python.org/dev/peps/pep-0632/
- - - - -
2c07f96c by Endi S. Dewata at 2022-02-01T09:29:25-06:00
Update log messages in KRAConnector.deregister()
- - - - -
45f19e8e by Endi S. Dewata at 2022-02-01T09:29:25-06:00
Update log messages in SecurityDomain.deregister()
- - - - -
c3d09f2b by Endi S. Dewata at 2022-02-02T11:34:38-06:00
Update log messages in KRAConnectorProcessor
- - - - -
aa6d6cd9 by Endi S. Dewata at 2022-02-02T11:34:39-06:00
Update log messages in SubsystemGroupUpdater
- - - - -
9e67d5c4 by Endi S. Dewata at 2022-02-02T11:38:27-06:00
Clean up variable names in PKIDeployer.finalize_subsystem()
- - - - -
22636322 by Endi S. Dewata at 2022-02-02T16:12:57-06:00
Fix typo in ClonesPlugin.get_status()
- - - - -
33cd066c by Endi S. Dewata at 2022-02-02T18:29:33-06:00
Update log messages in PKIDeployer.finalize_subsystem()
- - - - -
1b4b3aa6 by Endi S. Dewata at 2022-02-03T09:16:34-06:00
Add CAConfigurator.initSubsystem()
The code that initializes the CA subsystem after creating
or importing the signing certificate has been moved to
CAConfigurator.initSubsystem().
- - - - -
b26541c7 by Endi S. Dewata at 2022-02-03T12:25:07-06:00
Clean up tools tests
- - - - -
d99d9796 by Endi S. Dewata at 2022-02-03T12:51:26-06:00
Add tests for trust flags using pki nss-cert-show
- - - - -
221e92e1 by Endi S. Dewata at 2022-02-03T13:31:22-06:00
Remove unused scripts
- - - - -
082f113b by Endi S. Dewata at 2022-02-03T13:43:51-06:00
Update COMPONENT in Dockerfiles
- - - - -
08d7b220 by Endi S. Dewata at 2022-02-03T16:22:39-06:00
Log request IDs in hex
- - - - -
00f0ff75 by Endi S. Dewata at 2022-02-04T08:40:01-06:00
Add Dockerfile for IPA runner
The IPA tests have been modified to use a new Dockerfile which
will include IPA packages in the image so the tests do not need
to install the packages.
- - - - -
65c82c1e by Endi S. Dewata at 2022-02-04T08:40:56-06:00
Convert tpsclient man page into Markdown
- - - - -
81ee66ac by Endi S. Dewata at 2022-02-07T10:04:40-06:00
Add SystemCertData.requestID
The SystemCertData.requestID has been added to store cert's
request ID.
- - - - -
5db8b2e0 by Endi S. Dewata at 2022-02-07T10:44:44-06:00
Refactor CAConfigurator.importCert()
The CAConfigurator.importCert() has been modified to take a
request ID instead of creating a new one.
- - - - -
e2cf18ea by Endi S. Dewata at 2022-02-07T10:44:49-06:00
Refactor Configurator.loadCert()
The Configurator.loadCert() has been modified to take a
SystemCertData object which will store the request ID created
by the method.
- - - - -
bc9ca004 by Endi S. Dewata at 2022-02-07T10:44:49-06:00
Refactor SystemConfigService.loadCert()
The SystemConfigService.loadCert() has been modified to return
a SystemCertData object which might contain the request ID.
- - - - -
befa8cb0 by Endi S. Dewata at 2022-02-07T12:15:26-06:00
Update test scripts to use password authentication
The test scripts have been modified to use password instead of
client certificate to avoid intermittent authentication failures.
- - - - -
51d28ae0 by Endi S. Dewata at 2022-02-07T13:09:15-06:00
Refactor Configurator.createCert() (part 1)
The code that creates the SSL server cert for CA clone has
been moved out of Configurator.createCert().
- - - - -
86de76f2 by Endi S. Dewata at 2022-02-07T13:09:15-06:00
Refactor Configurator.createCert() (part 2)
The code that creates a remote cert has been moved out of
Configurator.createCert().
- - - - -
90f737e1 by Endi S. Dewata at 2022-02-07T13:09:15-06:00
Replace Configurator.createCert() with createLocalCert()
- - - - -
6a146db4 by Endi S. Dewata at 2022-02-07T13:09:15-06:00
Refactor Configurator.createLocalCert()
The Configurator.createLocalCert() has been modified to take
a request ID instead of creating a new one.
- - - - -
becf82ce by Endi S. Dewata at 2022-02-07T13:09:15-06:00
Refactor Configurator.setupCert()
The Configurator.setupCert() has been modified to return a
SystemCertData object which might contain a request ID.
- - - - -
9d16fcde by Endi S. Dewata at 2022-02-07T14:13:03-06:00
Refactor SystemConfigService.loadCert()
The SystemConfigService.loadCert() has been modified to get
the certificate request from the caller instead of loading
from a parameter in CS.cfg.
- - - - -
b9027ef0 by Endi S. Dewata at 2022-02-07T16:42:29-06:00
Remove unused SystemCertDataFactory
- - - - -
913f921b by Endi S. Dewata at 2022-02-07T16:42:29-06:00
Remove unused Cert
- - - - -
27d56dfa by Endi S. Dewata at 2022-02-07T16:42:29-06:00
Merge IAuditor into Auditor
- - - - -
63ea97dd by Endi S. Dewata at 2022-02-07T16:42:29-06:00
Move IJob and IJobCron to pki-server
- - - - -
0a9701c9 by Endi S. Dewata at 2022-02-07T16:42:29-06:00
Move IPluginImpl to pki-server
- - - - -
d1212a3d by Endi S. Dewata at 2022-02-07T16:42:29-06:00
Move SignedAuditEvent to pki-server
- - - - -
c2cef65b by Endi S. Dewata at 2022-02-07T16:42:29-06:00
Remove unused ISubsystemSource
- - - - -
79681774 by Endi S. Dewata at 2022-02-07T16:42:29-06:00
Move AuditEvent to pki-server
- - - - -
c4e23f3d by Endi S. Dewata at 2022-02-07T16:42:29-06:00
Remove unused IBundleLogEvent
- - - - -
34126de5 by Endi S. Dewata at 2022-02-07T16:42:58-06:00
Move LogEvent to pki-server
- - - - -
22da48f0 by Endi S. Dewata at 2022-02-07T16:43:36-06:00
Move ILogEventFactory to pki-server
- - - - -
9acf8b2e by Endi S. Dewata at 2022-02-07T16:44:48-06:00
Move AuditFormat to pki-server
- - - - -
426e1369 by Endi S. Dewata at 2022-02-07T16:45:48-06:00
Move ILogger to pki-server
- - - - -
7e0280a9 by Endi S. Dewata at 2022-02-07T16:50:43-06:00
Merge ILogQueue into LogQueue
- - - - -
7c7517a3 by Endi S. Dewata at 2022-02-07T16:52:04-06:00
Move ILogEvent and ILogEventListener to pki-server
- - - - -
e18c86bc by Chris Kelley at 2022-02-08T15:29:52+00:00
Remove CertRequestConstants
Only one of the constants is used, in a place where its use is
surprising. The surrounding code uses constants from IRequest so use the
replacement constant from that interface.
- - - - -
e2facba0 by Endi S. Dewata at 2022-02-08T13:35:02-06:00
Refactor SystemConfigService.loadCert() (part 1)
The SystemConfigService.loadCert() has been modified to load
the cert provided in the request object instead of loading
it from the NSS database directly.
- - - - -
da35114d by Endi S. Dewata at 2022-02-08T13:35:06-06:00
Refactor SystemConfigService.loadCert() (part 2)
The code in SystemConfigService.loadCert() that checks whether
the cert is external has been moved to the caller.
- - - - -
bbd3d44d by Endi S. Dewata at 2022-02-09T11:53:57-06:00
Clean up CAConfigurator.updateRequest()
The CAConfigurator.updateRequest() has been modified to get
the X509CertInfo from the X509CertImpl instead of from a
separate parameter.
- - - - -
cb19784c by Endi S. Dewata at 2022-02-09T12:20:13-06:00
Clean up log messages in CAConfigurator
- - - - -
9d659f1b by Endi S. Dewata at 2022-02-09T12:56:33-06:00
Update CAConfigurator.createLocalCert() and importCert()
The CAConfigurator.createLocalCert() and importCert() have
been modified to get the bootstrap profile params from the
configuration object instead of the profile object.
- - - - -
85a153c1 by Endi S. Dewata at 2022-02-09T14:58:57-06:00
Refactor PKIDeployer.setup_system_certs()
The PKIDeployer.setup_system_certs() has been modified to
reuse the NSSDatabase object.
- - - - -
2eb72afa by Endi S. Dewata at 2022-02-09T14:59:04-06:00
Refactor CAConfigurator.createAdminCertificate()
The CAConfigurator.createAdminCertificate() has been modified
to take and return a SystemCertData object.
- - - - -
e7ba9cac by Endi S. Dewata at 2022-02-09T17:00:15-06:00
Update NSSDatabase.add_cert()
The NSSDatabase.add_cert() has been modified to provide params
to specify the cert data and its format.
- - - - -
29488256 by Endi S. Dewata at 2022-02-09T18:11:11-06:00
Update Configurator.setupCert()
The code that imports the new cert into the NSS database
has been moved out of Configurator.setupCert().
- - - - -
139413ce by Chris Kelley at 2022-02-10T16:25:03+00:00
Remove XML parsing from ProfilePolicy
- - - - -
657bf41f by Endi S. Dewata at 2022-02-10T13:30:35-06:00
Add test for uninstalling IPA clone
- - - - -
129ee229 by Christina Fu at 2022-02-11T10:23:40-08:00
B1996141-subCA-adjustValidity
The CAValidityDefault is used by the profile caCMCcaCert during
subCA creation when using the CMC enrollment method.
While pkispawn auto-enrollment for subCA uses non CMC methods which
allows for use of the installAdjustValidity parameter to adjust
the notAfter date to match that of the signing CA's, the CAValidityDefault
does not.
This patch reads the bypassCAnotafter parameter in the CAValidityDefault
plugin so that by default the notAfter date will not supersede that of
the signing CA's.
fixes https://bugzilla.redhat.com/show_bug.cgi?id=1996141
- - - - -
b0cfb58d by Endi S. Dewata at 2022-02-11T18:35:42-06:00
Update log messages in LDAPSession
- - - - -
335d13a0 by Endi S. Dewata at 2022-02-11T18:35:46-06:00
Update log messages in PublisherProcessor
- - - - -
b7cb5590 by Endi S. Dewata at 2022-02-14T09:32:57-06:00
Fix pkidestroy for KRA with external certs
Generally, when installing KRA pkispawn will create a subsystem
cert in the CA using a profile that will also create a subsystem
user for the KRA in the CA (see SubsystemGroupUpdater), then
pkispawn will create a KRA connector in the CA as well (see
UpdateConnector). In case the KRA is removed later pkidestroy can
use this user to remove the KRA connector from the CA.
If the KRA was installed with external certs (including CMC case),
pkispawn would create the subsystem cert using a different profile
which would not create the subsystem user, but it would still
create the KRA connector. However, that means pkidestroy would not
be able to remove the KRA connector.
To fix the problem, some of the code in SubsystemGroupUpdater has
been copied into UpdateConnector such that the subsystem user will
be created when the KRA connector is added if it does not already
exist.
Right now the SubsystemGroupUpdater might still be needed for
other things, but potentially it could be removed in the future.
- - - - -
53a064f5 by Chris Kelley at 2022-02-14T17:36:58+00:00
Update version to v11.1.0 and update dependencies
- - - - -
bb1c6169 by Chris Kelley at 2022-02-14T17:40:48+00:00
Update Requires for ldapjdk and tomcatjss
- - - - -
6b784e2f by Endi S. Dewata at 2022-02-14T14:06:53-06:00
Update version number to 11.2.0-alpha1
- - - - -
6326a0e3 by Endi S. Dewata at 2022-02-14T18:10:39-06:00
Update IPA tests to install KRA separately
The IPA tests have been updated to install KRA separately
to simplify troubleshooting.
- - - - -
eb9929d8 by Endi S. Dewata at 2022-02-14T18:39:13-06:00
Refactor CAConfigurator.importCert()
The CAConfigurator.importCert() has been modified to store the
actual cert request extensions into the cert request record.
- - - - -
0ac01221 by Endi S. Dewata at 2022-02-15T09:16:05-06:00
Move tpsclient into pki-tools
The tpsclient, libtps.so, and its man page have been moved into
pki-tools package which contains other native tools.
The pki-tps has been converted into a platform independent
package.
- - - - -
18aea0d0 by Endi S. Dewata at 2022-02-15T14:24:53-06:00
Update RequestDefaultStub
The RequestDefaultStub has been modified to extend the
Request class.
- - - - -
12a3a056 by Endi S. Dewata at 2022-02-15T15:11:00-06:00
Move IRequest constants to Request
- - - - -
e2e55f1b by Endi S. Dewata at 2022-02-15T15:11:08-06:00
Move IRequest type constants to Request
- - - - -
88270e9c by Endi S. Dewata at 2022-02-15T15:11:12-06:00
Move IRequest requestor constants to Request
- - - - -
764be10a by Endi S. Dewata at 2022-02-15T15:11:14-06:00
Move IRequest attribute constants to Request
- - - - -
d0c41296 by Endi S. Dewata at 2022-02-15T15:15:29-06:00
Move IRequest enrollment constants to Request
- - - - -
c81d0848 by Endi S. Dewata at 2022-02-15T15:15:31-06:00
Move IRequest renewal constants to Request
- - - - -
c5c86c84 by Endi S. Dewata at 2022-02-15T15:38:12-06:00
Move IRequest revocation constants to Request
- - - - -
a41d986f by Endi S. Dewata at 2022-02-15T15:38:12-06:00
Move IRequest Netkey constants to Request
- - - - -
c1e3740d by Endi S. Dewata at 2022-02-15T15:38:12-06:00
Move IRequest security data constants to Request
- - - - -
379b5bf9 by Endi S. Dewata at 2022-02-15T15:38:12-06:00
Move IRequest keygen constants to Request
- - - - -
8ff531d8 by Endi S. Dewata at 2022-02-15T15:38:12-06:00
Move IRequest server-side keygen constants to Request
- - - - -
ea3a302c by Endi S. Dewata at 2022-02-15T15:38:12-06:00
Move IRequest requestor type constants to Request
- - - - -
0d4c323a by Endi S. Dewata at 2022-02-15T15:38:12-06:00
Move IRequest internal constants to Request
- - - - -
e477f6a3 by Endi S. Dewata at 2022-02-15T15:38:12-06:00
Move IRequest policy constants to Request
- - - - -
7f97ce10 by Endi S. Dewata at 2022-02-15T15:44:52-06:00
Move remaining IRequest constants to Request
- - - - -
7dd518a0 by Endi S. Dewata at 2022-02-15T17:56:29-06:00
Update log messages in UpdateConnector
- - - - -
ac385479 by Endi S. Dewata at 2022-02-16T09:48:25-06:00
Clean up test scripts
- - - - -
1cd0a129 by Endi S. Dewata at 2022-02-16T14:54:56-06:00
Update IRequestVirtualList.getElementAt() to return Request
- - - - -
39391cf5 by Endi S. Dewata at 2022-02-16T14:54:56-06:00
Update RequestRepository.createRequest() to return Request
- - - - -
c42d4dec by Endi S. Dewata at 2022-02-16T15:41:29-06:00
Update RequestRepository.readRequest() to return Request
- - - - -
890506c0 by Endi S. Dewata at 2022-02-16T15:42:47-06:00
Update KeyRequestDAO.createRecoveryRequest() to return Request
- - - - -
8e722ea0 by Endi S. Dewata at 2022-02-16T16:32:01-06:00
Disable XML validation in Eclipse
- - - - -
3f09e51d by Endi S. Dewata at 2022-02-16T16:32:01-06:00
Update Profile.createRequests() to return Request
- - - - -
bd52baa4 by Endi S. Dewata at 2022-02-16T16:32:27-06:00
Update BootstrapProfile.populate() to accept Request
- - - - -
ed9af849 by Endi S. Dewata at 2022-02-16T16:33:23-06:00
Update ARequestQueue.processRequest() to accept Request
- - - - -
8ad0d40b by Endi S. Dewata at 2022-02-16T16:45:39-06:00
Update RenewalProcessor to use Request
- - - - -
dfa73536 by Endi S. Dewata at 2022-02-16T16:45:39-06:00
Update CertProcessor to use Request
- - - - -
fed9233b by Endi S. Dewata at 2022-02-16T16:59:35-06:00
Change CMSRequest.mRequest to Request
- - - - -
ba8c7249 by Endi S. Dewata at 2022-02-16T17:02:40-06:00
Update CAProcessor to use Request
- - - - -
d7521452 by Endi S. Dewata at 2022-02-16T17:11:57-06:00
Merge ICommandQueue into CommandQueue
- - - - -
497ce77d by Endi S. Dewata at 2022-02-16T17:16:32-06:00
Merge ICMSRequest into CMSRequest
- - - - -
b1fd8adb by Endi S. Dewata at 2022-02-16T17:25:07-06:00
Merge ICAService into CAService
- - - - -
1a5c8eda by Endi S. Dewata at 2022-02-16T17:40:23-06:00
Update IService.serviceRequest() to accept Request
- - - - -
7972002e by Endi S. Dewata at 2022-02-16T17:43:13-06:00
Update IServant.service() to accept Request
- - - - -
107c60c5 by Endi S. Dewata at 2022-02-16T17:58:20-06:00
Update IPolicy.apply() to accept Request
- - - - -
ac1123db by Endi S. Dewata at 2022-02-16T18:06:18-06:00
Update ProfileInput.populate() to accept Request
- - - - -
0dc01b7f by Endi S. Dewata at 2022-02-16T18:09:17-06:00
Update ProfileInput to use Request
- - - - -
041347f3 by Endi S. Dewata at 2022-02-16T18:27:15-06:00
Update PolicyDefault to use Request
- - - - -
e48a9922 by Endi S. Dewata at 2022-02-16T18:32:39-06:00
Update PolicyConstraint to use Request
- - - - -
e3cdf509 by Endi S. Dewata at 2022-02-16T18:46:14-06:00
Update EnrollDefault.populate() to accept Request
- - - - -
7ca8f724 by Endi S. Dewata at 2022-02-17T09:36:08-06:00
Fix pkidestroy for OCSP with external certs
Generally, when installing OCSP pkispawn will create a subsystem
cert in the CA using a profile that will also create a subsystem
user for the OCSP in the CA (see SubsystemGroupUpdater), then
pkispawn will create an OCSP publisher in the CA as well (see
UpdateOCSPConfig). In case the OCSP is removed later pkidestroy
can use this user to remove the OCSP publisher from the CA.
If the OCSP was installed with external certs (including CMC
case), pkispawn would create the subsystem cert using a different
profile which would not create the subsystem user, but it would
still create the OCSP publisher. However, that means pkidestroy
would not be able to remove the OCSP publisher.
To fix the problem, some of the code in SubsystemGroupUpdater has
been copied into UpdateOCSPConfig such that the subsystem user
will be created when the OCSP publisher is added if it does not
already exist.
Right now the SubsystemGroupUpdater might still be needed for
other things, but potentially it could be removed in the future.
- - - - -
0a9e32cb by Endi S. Dewata at 2022-02-21T19:41:08-06:00
Update OCSPClient to support hex serial numbers
The OCSPClient has been modified to accept hex serial numbers
but always display the returned serial number in hex.
- - - - -
c6ecac10 by Endi S. Dewata at 2022-02-22T09:33:48-06:00
Add test for CA profiles
- - - - -
4d989ace by Endi S. Dewata at 2022-02-23T10:49:15-06:00
Add RSNv3 for CA
The CertificateRepository, RequestRepository, and Repository
classes have been modified to support the new RSNv3 and the
legacy ID generators. pkispawn's default.cfg has been modified
to provide the configuration parameters.
- - - - -
5ebf1eee by Endi S. Dewata at 2022-02-23T10:49:15-06:00
Add test for CA with RSNv3
- - - - -
02ce6811 by Endi S. Dewata at 2022-02-23T14:31:23-06:00
Refactor CMSAdminServlet (part 1)
CA-specific code in CMSAdminServlet has been moved into
CACMSAdminServlet.
- - - - -
036d7ee8 by Endi S. Dewata at 2022-02-23T15:48:46-06:00
Refactor CMSAdminServlet (part 2)
KRA-specific code in CMSAdminServlet has been moved into
KRACMSAdminServlet.
- - - - -
4bdc061a by Endi S. Dewata at 2022-02-23T15:48:46-06:00
Fix NPE in CMSEngine.shutdownAuthSubsystem()
- - - - -
27c26006 by Endi S. Dewata at 2022-02-23T15:48:46-06:00
Clean up log messages in OCSPPublisher
- - - - -
fa628ad4 by Endi S. Dewata at 2022-02-24T08:08:25-06:00
Add tests for PKI server
A new GH workflow has been added to test basic PKI server
functionalities (e.g. create, start, stop, remove) without any
PKI subsystems. It will also test running the server as a
container. The container image later can be used to create other
PKI subsystem containers.
- - - - -
192c923a by Endi S. Dewata at 2022-02-24T09:42:25-06:00
Add RSNv3 for KRA
The KeyRepository class has been modified to support the new
RSNv3 and the legacy sequential ID generators (it doesn't
support RSNv1) for keys in KRA. pkispawn's default.cfg has been
modified to provide parameters to configure the ID generator
type and ID length.
- - - - -
616a1010 by Endi S. Dewata at 2022-02-24T09:42:25-06:00
Add test for KRA with RSNv3
- - - - -
74536e4e by Endi S. Dewata at 2022-02-24T14:56:52-06:00
Fix pki-server remove
The pki-server remove has been modified to assume that the
server has already been stopped.
- - - - -
559f46fd by Endi S. Dewata at 2022-02-24T14:56:53-06:00
Fix PKIInstance.is_available()
The PKIInstance.is_available() has been modified to use the
plain port if the secure port is not available.
- - - - -
e2f16fa1 by Endi S. Dewata at 2022-02-24T15:10:22-06:00
Fix PKIConnection constructor
The PKIConnection constructor has been modified not to include
the port number in the URL if it's not provided.
- - - - -
f6ce9ff4 by Endi S. Dewata at 2022-02-25T12:16:18-06:00
Add CAConfigurator.createCertRecord()
The code that creates the cert record in CAConfigurator has
been moved into createCertRecord().
- - - - -
737d8efa by Endi S. Dewata at 2022-02-25T12:20:24-06:00
Add CAConfigurator.updateRequestRecord()
The code that updates the request record in CAConfigurator
has been moved into updateRequestRecord().
- - - - -
46734f6a by Endi S. Dewata at 2022-02-25T12:20:24-06:00
Add CAConfigurator.createRequestRecord()
The code that creates the request record in CAConfigurator
has been moved into createRequestRecord().
- - - - -
cfa8f10a by Endi S. Dewata at 2022-02-25T12:40:04-06:00
Add CAConfigurator.createRequestExtensions()
The code that creates the request extensions in CAConfigurator
has been moved into createRequestExtensions().
- - - - -
1901ad76 by Endi S. Dewata at 2022-02-25T12:54:05-06:00
Merge Configurator.setupCert() into SystemConfigService
- - - - -
1b67d1fb by Endi S. Dewata at 2022-02-25T12:59:09-06:00
Merge Configurator.createAdminCertificate() into SystemConfigService
- - - - -
bfd4b0c4 by Endi S. Dewata at 2022-02-25T15:12:09-06:00
Move ConfigClient.process_admin_cert() into PKIDeployer
- - - - -
157b51fd by Endi S. Dewata at 2022-02-25T15:12:09-06:00
Move ConfigClient.process_admin_p12() into PKIDeployer
- - - - -
7c2037de by Endi S. Dewata at 2022-02-25T15:32:06-06:00
Merge ConfigClient.save_admin_csr() into PKIDeployer
- - - - -
d2b9a03f by Endi S. Dewata at 2022-02-25T15:32:06-06:00
Remove unused ConfigClient.save_system_csr()
- - - - -
d227d0c0 by Endi S. Dewata at 2022-02-25T15:32:06-06:00
Simplify PKIDeployer.get_admin_cert()
- - - - -
74ade6ee by Endi S. Dewata at 2022-02-25T15:32:06-06:00
Simplify PKIDeployer.setup_system_certs()
- - - - -
eb0ac702 by Endi S. Dewata at 2022-02-25T16:08:30-06:00
Simplify PKIDeployer.setup_system_cert()
- - - - -
0683763a by Endi S. Dewata at 2022-02-25T18:17:57-06:00
Refactor CryptoUtil.findPrivateKeyFromID()
The code in CryptoUtil.findPrivateKeyFromID() that finds
a private key in a specific token has been moved into a
separate method.
- - - - -
301f30c9 by Endi S. Dewata at 2022-02-25T18:38:28-06:00
Refactor NSSDatabase.createRequest()
The code in NSSDatabase.createRequest() that loads/creates
the key pair has been moved into separate methods.
- - - - -
61b32e7d by Endi S. Dewata at 2022-02-25T18:40:04-06:00
Refactor Configurator.createPKCS10Request()
The code in Configurator.createPKCS10Request() that creates
the request extensions has been moved to the caller.
- - - - -
bd49c90f by Endi S. Dewata at 2022-02-28T15:57:09-06:00
Simplify SystemConfigService.setupCert()
The code in SystemConfigService.setupCert() that calls
createRemoteCert() has been merged.
- - - - -
116a1586 by Endi S. Dewata at 2022-02-28T15:57:09-06:00
Add SystemCertData.keyID
- - - - -
048fa3be by Endi S. Dewata at 2022-02-28T15:57:09-06:00
Add SystemConfigService.setupKey()
The code in SystemConfigService.setupCert() that loads or
creates the cert key has been moved into setupKey().
- - - - -
a8908677 by Endi S. Dewata at 2022-02-28T15:57:09-06:00
Add SystemConfigService.createRequest()
The code in SystemConfigService.setupCert() that creates the
cert request has been moved into createRequest().
- - - - -
add6ab84 by Endi S. Dewata at 2022-02-28T17:13:14-06:00
Refactor PKIDeployer.request_admin_cert()
The PKIDeployer.request_admin_cert() has been converted into
a generic request_cert(). The admin-specific code has been
moved to the caller.
- - - - -
315b6c8e by Endi S. Dewata at 2022-02-28T17:13:55-06:00
Remove redundant code in CertificateAuthority.initCertSigningUnit()
- - - - -
ed58074d by Endi S. Dewata at 2022-02-28T18:18:51-06:00
Update CAConfigurator.createLocalCert()
The CAConfigurator.createLocalCert() has been modified to
create a new signing unit instead of reusing the existing
one from the subsystem to reduce dependency on subsystem
initialization.
- - - - -
c33d2302 by Endi S. Dewata at 2022-03-01T19:37:10-06:00
Update OCSP test
The OCSP test has been modified to check the OCSP responder
with no CRLs, with revoked cert, and with unrevoked cert using
OCSPClient and OpenSSL.
- - - - -
ec8fedcb by Endi S. Dewata at 2022-03-02T15:49:55-06:00
Clean up PKIDeployer.setup_system_cert()
- - - - -
bfcb0f1c by Endi S. Dewata at 2022-03-02T15:51:12-06:00
Split SystemConfigService.loadCert()
The SystemConfigService.loadCert() has been split into
importRequest() and importCert().
- - - - -
e3585e29 by Endi S. Dewata at 2022-03-02T15:51:13-06:00
Split SystemConfigService.setupCert()
The SystemConfigService.setupCert() has been split into
requestCert() and createCert().
- - - - -
3481ec05 by Endi S. Dewata at 2022-03-02T18:06:58-06:00
Replace CertificateSetupRequest.clone and masterURL
The clone and masterURL fields in CertificateSetupRequest have
been replaced with url field. The code that sets its value has
been moved into PKIDeployer.setup_system_cert().
- - - - -
c27bb2e2 by Endi S. Dewata at 2022-03-02T18:06:58-06:00
Add options for pki ca-cert-request-submit
The pki ca-cert-request-submit has been modified to provide
--dns-names and --requestor options.
- - - - -
8c342c5f by Endi S. Dewata at 2022-03-02T18:33:39-06:00
Replace SystemConfigService.requestCert()
The SystemConfigService.requestCert() has been replaced with
PKIDeployer.request_cert()
- - - - -
0a7a49b9 by Endi S. Dewata at 2022-03-02T19:10:59-06:00
Remove unused SystemConfigService.requestCert()
- - - - -
d7c10e84 by Endi S. Dewata at 2022-03-03T14:23:37-06:00
Add SystemCertData.adjustValidity
The SystemCertData.adjustValidity has been added to allow
the client to provide the value.
- - - - -
b8580cff by Endi S. Dewata at 2022-03-03T14:23:40-06:00
Replace CertUtils.getAdminProfileAlgorithm()
The code in CertUtils.getAdminProfileAlgorithm() that determines
the signing algorithm for admin cert has been moved into
PKIDeployer.
- - - - -
006fe199 by Endi S. Dewata at 2022-03-03T14:42:57-06:00
Merge SystemConfigService.setupAdmin() into createCert()
The code in SystemConfigService.setupAdmin() that creates the
admin cert has been merged into createCert().
- - - - -
dc897f52 by Endi S. Dewata at 2022-03-03T14:42:57-06:00
Remove unused SystemConfigService.setupAdmin()
- - - - -
7413bddd by Endi S. Dewata at 2022-03-03T14:42:57-06:00
Remove unused SystemCertData.installToken
- - - - -
f75c20e6 by Endi S. Dewata at 2022-03-03T15:53:08-06:00
Remove obsolete Servlet 2.3 DTD
- - - - -
766d5aa3 by Endi S. Dewata at 2022-03-03T15:59:47-06:00
Update RequestProcessor to use Request
- - - - -
d1a3bb78 by Endi S. Dewata at 2022-03-03T16:00:53-06:00
Update CRSEnrollment to use Request
- - - - -
b4cf1f84 by Endi S. Dewata at 2022-03-03T16:03:07-06:00
Update Profile to use Request
- - - - -
640264e5 by Endi S. Dewata at 2022-03-03T16:14:24-06:00
Update ProfileInput and ProfileOutput to use Request
- - - - -
aa5387af by Endi S. Dewata at 2022-03-03T16:22:33-06:00
Update PolicySet and PolicyRule to use Request
- - - - -
93e74f4d by Endi S. Dewata at 2022-03-03T16:30:21-06:00
Update EnrollConstraint to use Request
- - - - -
a29c6223 by Endi S. Dewata at 2022-03-03T16:30:21-06:00
Update RequestQueue to use Request
- - - - -
c92d7dcc by Endi S. Dewata at 2022-03-03T17:52:54-06:00
Update EnrollDefault to use Request
- - - - -
3f6397f6 by Endi S. Dewata at 2022-03-03T18:36:14-06:00
Update Processor to use Request
- - - - -
b101e3d7 by Endi S. Dewata at 2022-03-03T18:36:18-06:00
Update IConnector, INotify, and IRequestListener to use Request
- - - - -
493e3811 by Endi S. Dewata at 2022-03-03T18:36:18-06:00
Update ProfileAuthenticator to use Request
- - - - -
b88fc7f0 by Endi S. Dewata at 2022-03-03T18:36:18-06:00
Update ILdapMapper to use Request
- - - - -
9570d42f by Endi S. Dewata at 2022-03-03T18:36:18-06:00
Update IExpression to use Request
- - - - -
ba3daff7 by Endi S. Dewata at 2022-03-03T18:36:18-06:00
Update Pattern to use Request
- - - - -
3f8957d6 by Endi S. Dewata at 2022-03-03T18:36:18-06:00
Update LogEvent to use Request
- - - - -
5649ad06 by Endi S. Dewata at 2022-03-04T13:53:26-06:00
Update IRequestList to use Request
- - - - -
8538ec0e by Endi S. Dewata at 2022-03-04T13:55:11-06:00
Update RequestRepository to use Request
- - - - -
81425bb2 by Endi S. Dewata at 2022-03-04T13:56:18-06:00
Update RequestAttr to use Request
- - - - -
ff309e9b by Endi S. Dewata at 2022-03-04T13:58:00-06:00
Update QueryReq to use Request
- - - - -
802196f7 by Endi S. Dewata at 2022-03-04T14:01:14-06:00
Update CertReqParser to use Request
- - - - -
b1de3248 by Endi S. Dewata at 2022-03-04T14:04:05-06:00
Update ProfileSubmitServlet to use Request
- - - - -
700ee0b2 by Endi S. Dewata at 2022-03-04T14:05:46-06:00
Update CMSRequestDAO to use Request
- - - - -
b04f2a9e by Endi S. Dewata at 2022-03-04T14:07:51-06:00
Update CMSServlet to use Request
- - - - -
8fd6b886 by Endi S. Dewata at 2022-03-04T14:10:44-06:00
Update IPKIMessage to use Request
- - - - -
e2ee02b7 by Endi S. Dewata at 2022-03-04T14:14:45-06:00
Update CertificateAuthority to use Request
- - - - -
e9ceea36 by Endi S. Dewata at 2022-03-04T14:16:00-06:00
Update KeyRecoveryAuthority to use Request
- - - - -
8338687d by Endi S. Dewata at 2022-03-04T14:19:02-06:00
Update ProfileReviewServlet to use Request
- - - - -
fe84ca25 by Endi S. Dewata at 2022-03-04T14:22:10-06:00
Update ConnectorServlet to use Request
- - - - -
444d875a by Endi S. Dewata at 2022-03-04T15:34:01-06:00
Update pki-ca to use Request
- - - - -
7a2aa6b2 by Endi S. Dewata at 2022-03-04T15:34:01-06:00
Update pki-kra to use Request
- - - - -
f4d5f030 by Endi S. Dewata at 2022-03-04T15:34:01-06:00
Update pki-server to use Request
- - - - -
aa07b730 by Endi S. Dewata at 2022-03-04T15:34:01-06:00
Remove unused IRequest
- - - - -
7d1a94e0 by Endi S. Dewata at 2022-03-07T11:04:31-06:00
Clean up PKIDeployer.setup_system_cert()
- - - - -
7670c198 by Endi S. Dewata at 2022-03-07T13:12:31-06:00
Refactor CAConfigurator.importRequest()
The code in CAConfigurator.importRequest() that updates the
request record has been moved into importCert().
- - - - -
f44a2514 by Endi S. Dewata at 2022-03-07T14:33:21-06:00
Refactor CAConfigurator.createCert()
The CAConfigurator.createCert() has been modified to load
the request record from the request repository.
- - - - -
9f354a9c by Endi S. Dewata at 2022-03-07T15:02:37-06:00
Add SystemCertData.signingAlgorithm
The SystemCertData.signingAlgorithm has been added to provide
the signing algorithm to SystemConfigService.createCert().
- - - - -
08357ced by Endi S. Dewata at 2022-03-07T15:24:53-06:00
Remove unused CertificateSetupRequest.url
- - - - -
99f1529d by Endi S. Dewata at 2022-03-07T17:42:51-06:00
Merge ARequestQueue into RequestQueue
- - - - -
d9f5d330 by Endi S. Dewata at 2022-03-07T19:30:21-06:00
Move RequestQueue.updateRequest() to RequestRepository
- - - - -
d6b49e98 by Endi S. Dewata at 2022-03-07T19:30:21-06:00
Add CASubsystem.import_cert()
The CASubsystem.import_cert() has been added to import a cert
while the server is offline. pkispawn has been modified to use
this method instead of SystemConfigService.importCert().
- - - - -
d02c5460 by Endi S. Dewata at 2022-03-07T19:30:21-06:00
Remove unused SystemConfigService.importCert()
- - - - -
af91bdbd by Endi S. Dewata at 2022-03-07T19:30:21-06:00
Add pki-server ca-cert-import
The pki-server ca-cert-import has been added to invoke
CASubsystem.import_cert() from command line.
- - - - -
24e4ef67 by Chris Kelley at 2022-03-08T16:37:14+00:00
Log keyForUSer at INFO in FlatFileAuth to ease future debugging
- - - - -
ef781a37 by Endi S. Dewata at 2022-03-09T09:16:17-06:00
Add PKIDeployer.configure_id_generators()
The PKIDeployer.configure_id_generators() has been added to
configure the ID generator parameters in CS.cfg based on the
selected type. This will ensure that the ID generator code
does depend on parameters belonging to another ID generator.
- - - - -
48bc06dd by Endi S. Dewata at 2022-03-09T11:37:24-06:00
Update ACME tests to use RSNv3
- - - - -
7ff340a5 by Endi S. Dewata at 2022-03-09T11:37:38-06:00
Fix pki-server migrate CLI
The pki-server migrate CLI has been modified to configure the
AJP connectors with either secret or requiredSecret parameter
(mutually exclusive) depending on the Tomcat version.
https://bugzilla.redhat.com/show_bug.cgi?id=2061458
- - - - -
181ac22f by Endi S. Dewata at 2022-03-09T12:40:15-06:00
Update pki-server ca-cert-import
The pki-server ca-cert-import has been modified to load the
specified profile to get the profile ID mapping.
- - - - -
27e5600b by Endi S. Dewata at 2022-03-09T13:49:13-06:00
Move CAConfigurator.createRequestExtensions() to CertUtil
- - - - -
437e9468 by Endi S. Dewata at 2022-03-09T16:02:37-06:00
Refactor CAConfigurator.createRequestRecord()
The CAConfigurator.createRequestRecord() has been split into
smaller methods and moved into CertRequestRepository.
- - - - -
762842fe by Endi S. Dewata at 2022-03-09T18:33:53-06:00
Add CMSRequestInfo.requestID
The CMSRequestInfo.requestID has been added to store the
actual request ID instead of relying on request URL.
- - - - -
221d1d5a by Endi S. Dewata at 2022-03-09T19:38:30-06:00
Split CertRequestInfoFactory.create()
- - - - -
87c09909 by Endi S. Dewata at 2022-03-10T09:11:54-06:00
Update PKISubsystem.request_ranges()
The PKISubsystem.request_ranges() has been modified to request
ID ranges from the master only for legacy ID generators and
replica ID.
- - - - -
b713c88d by Endi S. Dewata at 2022-03-10T09:11:54-06:00
Update CA clone test to use RSNv3
- - - - -
9cfd2ae6 by Endi S. Dewata at 2022-03-10T09:11:54-06:00
Update KRA clone test to use RSNv3
- - - - -
6207bd7f by Endi S. Dewata at 2022-03-10T10:26:09-06:00
Update TPS tests to use RSNv3
- - - - -
4a25e1c9 by Endi S. Dewata at 2022-03-10T16:39:14-06:00
Update default RSNv3 length
pkispawn's default.cfg has been modified to generate 128-bit numbers
for RSNv3 by default as described in the design:
https://github.com/dogtagpki/pki/wiki/Random-Certificate-Serial-Numbers-v3
All RSNv3 tests have been modified to use the default length.
The Repository.getNextSerialNumber() has been updated to no longer
call BigInteger.abs() since the BigInteger constructor will always
create a non-negative number.
- - - - -
c11c8802 by Endi S. Dewata at 2022-03-10T17:41:01-06:00
Add SystemConfigService.createRequestID()
The code in SystemConfigService.importRequest() that creates
the cert request ID has been moved to createRequestID().
- - - - -
2863990d by Endi S. Dewata at 2022-03-11T12:17:36-06:00
Update OCSP tests to use RSNv3
- - - - -
43d1c837 by Endi S. Dewata at 2022-03-14T10:10:14-05:00
Refactor CertRequestRepository.updateRequest()
The CertRequestRepository.updateRequest() has been modified
to parse the cert request to get the subject name, the public
key, and the request extensions.
- - - - -
7abf83b1 by Endi S. Dewata at 2022-03-14T11:56:29-05:00
Add PKIDeployer.pki_connect()
The code that creates the client object in configuration.py
has been moved into PKIDeployer.pki_connect().
- - - - -
9889d67e by Endi S. Dewata at 2022-03-14T13:00:03-05:00
Add PKISubsystem.import_cert_request()
The SystemConfigService.importRequest() has been converted
into PKISubsystem.import_cert_request() which runs outside
of the server.
- - - - -
d1a8f589 by Endi S. Dewata at 2022-03-14T17:53:02-05:00
Remove unused PluginRegistry.mConfig
- - - - -
a0b445fb by Endi S. Dewata at 2022-03-14T18:08:15-05:00
Rename PluginRegistry.fileConfig to registryConfig
- - - - -
9d73ad7a by Endi S. Dewata at 2022-03-14T18:08:15-05:00
Clean up PluginRegistry.loadPlugins()
- - - - -
f7937594 by Endi S. Dewata at 2022-03-14T18:08:15-05:00
Rename CMSEngine.createFileConfigStore() to loadConfigStore()
- - - - -
dc719bc6 by Endi S. Dewata at 2022-03-14T18:10:30-05:00
Rename FileConfigStore to FileConfigStorage
- - - - -
68c111a5 by Endi S. Dewata at 2022-03-14T18:10:31-05:00
Rename LDAPConfigStore to LDAPConfigStorage
- - - - -
190bb73c by Endi S. Dewata at 2022-03-14T18:30:54-05:00
Rename PropConfigStore to ConfigStore
- - - - -
297e9461 by Endi S. Dewata at 2022-03-15T13:09:15-05:00
Rename DBSubsystem.mConfig to ldapConfig
- - - - -
b9b79232 by Endi S. Dewata at 2022-03-15T13:09:15-05:00
Update DBSubsystem.init()
The DBSubsystem.init() has been modified to take an LDAPConfig
parameter.
- - - - -
b7c16089 by Endi S. Dewata at 2022-03-15T15:17:53-05:00
Update minimum connections for DBSubsystem in CLI
The CLIs that use DBSubsystem have been modified to use only
one connection to the database.
- - - - -
800f60c9 by Endi S. Dewata at 2022-03-15T18:30:14-05:00
Add DatabaseConfig.getLDAPConfig()
The DatabaseConfig.getLDAPConfig() has been added to get the
LDAP configuration object.
- - - - -
dc2cec9c by Endi S. Dewata at 2022-03-15T18:33:40-05:00
Update UGSubsystem.init()
The UGSubsystem.init() has been modified to take an LDAPConfig
parameter.
- - - - -
bb630285 by Endi S. Dewata at 2022-03-15T18:33:40-05:00
Update minimum connections for UGSubsystem in CLI
The CLIs that use UGSubsystem have been modified to use only
one connection to the database.
- - - - -
38a8d43b by Endi S. Dewata at 2022-03-16T09:14:23-05:00
Add docs for RSNv3
[skip ci]
- - - - -
ed2d687a by Endi S. Dewata at 2022-03-16T09:54:22-05:00
Update CA tests to use RSNv3
The basic CA test has been modified to switch to RSNv3 after
installing using sequential ID generator. The remaining CA
tests have been modified to install using RSNv3 except for the
RSNv1 test.
- - - - -
2071cb2d by Endi S. Dewata at 2022-03-16T09:56:31-05:00
Update KRA tests to use RSNv3
The basic KRA test has been modified to switch to RSNv3 after
installing using sequential ID generator. The remaining KRA
tests have been modified to install using RSNv3.
- - - - -
93202c23 by Chris Kelley at 2022-03-16T15:03:46+00:00
Code cleanup in CMSServlet
* Remove unnecessary Boolean literals
* Use ternary operator where appropriate
* Remove redundant jumps
* Remove unnecessary else clauses
* Remove empty if statements
* Don't create variables just to return them
* Remove null checks prior to instanceof checks
* Don't box int just to get a String
- - - - -
7890e8dc by Chris Kelley at 2022-03-16T15:18:20+00:00
Prevent NullPointerException in DirBasedAuthentication
* It is acceptable for getLdapAttrs() to return null, so check before
dereference.
- - - - -
4003e7e6 by Endi S. Dewata at 2022-03-16T13:07:25-05:00
Remove unused SystemConfigService.importRequest()
- - - - -
a46f5a96 by Endi S. Dewata at 2022-03-16T13:08:55-05:00
Update CI tests to show system certs and CSRs
- - - - -
04db0b19 by Endi S. Dewata at 2022-03-16T13:09:55-05:00
Add PKIDeployer.import_cert_request()
The code that creates the request ID and imports the CSR has
been consolidated into PKIDeployer.import_cert_request().
- - - - -
af5a31d2 by Endi S. Dewata at 2022-03-16T14:14:11-05:00
Update error messages in RequestIdMapper and RequestStateMapper
- - - - -
86a4c3ac by Endi S. Dewata at 2022-03-16T20:21:51-05:00
Remove redundant CryptoUtil.generateRSAKeyPair()
- - - - -
848a5257 by Endi S. Dewata at 2022-03-16T20:23:52-05:00
Remove redundant CryptoUtil.generateECCKeyPair()
- - - - -
7e29e4d2 by Endi S. Dewata at 2022-03-16T20:23:59-05:00
Refactor SystemConfigService.setupKey()
The code in SystemConfigService.setupKey() that creates the
key pair has been moved into createRequest().
- - - - -
4fbf70ca by Endi S. Dewata at 2022-03-16T20:23:59-05:00
Rename SystemConfigService.setupKey() to findKey()
- - - - -
8c835450 by Endi S. Dewata at 2022-03-16T20:23:59-05:00
Replace Configurator.createRSAKeyPair()
The Configurator.createRSAKeyPair() has been replaced with
CryptoUtil.generateRSAKeyPair().
- - - - -
429a3f61 by Endi S. Dewata at 2022-03-16T20:23:59-05:00
Replace Configurator.createECCKeyPair()
The Configurator.createECCKeyPair() has been replaced with
CryptoUtil.generateECCKeyPair().
- - - - -
942727a3 by Endi S. Dewata at 2022-03-17T12:56:52-05:00
Update PKIDeployer.import_cert_request()
Previously in some installation scenarios importing a cert
request into the database has to be done while the server is
running since the legacy ID generator can only work within the
server.
The PKIDeployer.import_cert_request() has been modified such
that if the server is configured with a legacy ID generator it
will continue to call the server to generate a new ID, then
import the cert request using the ID.
However, if the server is configured with RSNv3 it will let
PKISubsystem.import_cert_request() generate a new ID locally
(without the server) and import the cert request with the ID.
This will reduce the dependency on a running server during
installation.
The CACertRequestImportCLI has been modified to provide an
option to return the result in JSON format such that it can
be parsed by PKISubsystem.import_cert_request().
- - - - -
dc91b85c by Endi S. Dewata at 2022-03-17T13:10:20-05:00
Fix error in SystemConfigService.createRequest()
- - - - -
d612744f by Endi S. Dewata at 2022-03-17T13:10:35-05:00
Merge IRevocationInfo into RevocationInfo
- - - - -
26f790c7 by Endi S. Dewata at 2022-03-17T13:50:14-05:00
Update CMSEngine.loadConfigStore()
The CMSEngine.loadConfigStore() has been modified to return
ConfigStore.
- - - - -
d3ec7578 by Endi S. Dewata at 2022-03-17T13:52:20-05:00
Update IConfigStore.getSubStore() in pki-server
The IConfigStore.getSubStore() in pki-server has been modified
to return ConfigStore.
- - - - -
07dc2ef1 by Endi S. Dewata at 2022-03-17T13:52:20-05:00
Update IConfigStore.getSubStore() in pki-tps
The IConfigStore.getSubStore() in pki-tps has been modified
to return ConfigStore.
- - - - -
baefcd5d by Endi S. Dewata at 2022-03-17T13:52:20-05:00
Update IConfigStore.getSubStore() in pki-ocsp
The IConfigStore.getSubStore() in pki-ocsp has been modified
to return ConfigStore.
- - - - -
0f561368 by Endi S. Dewata at 2022-03-17T13:52:20-05:00
Update IConfigStore.getSubStore() in pki-kra
The IConfigStore.getSubStore() in pki-kra has been modified
to return ConfigStore.
- - - - -
58807d0b by Endi S. Dewata at 2022-03-17T19:48:34-05:00
Update IConfigStore.getSubStore() in org.dogtagpki.legacy.server
The IConfigStore.getSubStore() in org.dogtagpki.legacy.server
has been modified to return ConfigStore.
- - - - -
468955d7 by Endi S. Dewata at 2022-03-17T19:48:34-05:00
Update IConfigStore.getSubStore() in com.netscape.cms.profile
The IConfigStore.getSubStore() in com.netscape.cms.profile
has been modified to return ConfigStore.
- - - - -
e5844811 by Endi S. Dewata at 2022-03-17T19:48:34-05:00
Update IConfigStore.getSubStore() in com.netscape.cms.servlet
The IConfigStore.getSubStore() in com.netscape.cms.servlet
has been modified to return ConfigStore.
- - - - -
6a16b10b by Endi S. Dewata at 2022-03-17T19:48:34-05:00
Update IConfigStore.getSubStore() in com.netscape.cms.jobs
The IConfigStore.getSubStore() in com.netscape.cms.jobs
has been modified to return ConfigStore.
- - - - -
16bc3012 by Endi S. Dewata at 2022-03-17T19:48:34-05:00
Update IConfigStore.getSubStore() in com.netscape.ca
The IConfigStore.getSubStore() in com.netscape.ca has been
modified to return ConfigStore.
- - - - -
7cac7672 by Endi S. Dewata at 2022-03-17T19:48:58-05:00
Update IConfigStore.getSubStore() in pki-ca
The remaining IConfigStore.getSubStore() in pki-ca has been
modified to return ConfigStore.
- - - - -
30662536 by Chris Kelley at 2022-03-18T17:32:41+00:00
Remove ICertAuthority interface
* CertificateAuthority implements both ICertAuthority and
ICertificateAuthority which is confusing.
* ICertAuthority is basically a stub of ICertificateAuthority - only
containing one unique method not found in ICertificateAuthority. This
method is moved into ICertificateInterface.
* ICertAuthority extended IAuthority, which extends ISubsystem.
ICertificateAuthority extended ISubsystem directly.
ICertificateAuthority has been modified to extend IAuthority.
- - - - -
c3fe45b3 by Endi S. Dewata at 2022-03-18T13:33:23-05:00
Merge IConfigStore.makeSubStore() into ConfigStore
- - - - -
6569fda8 by Endi S. Dewata at 2022-03-18T13:33:23-05:00
Update PolicyConstraint to use ConfigStore
- - - - -
f9da052e by Endi S. Dewata at 2022-03-18T13:33:23-05:00
Update PolicyDefault to use ConfigStore
- - - - -
f5467e0e by Endi S. Dewata at 2022-03-18T13:33:23-05:00
Update ProfileInput to use ConfigStore
- - - - -
4a63c7a6 by Endi S. Dewata at 2022-03-18T13:33:23-05:00
Update IProfileUpdater to use ConfigStore
- - - - -
31d014eb by Endi S. Dewata at 2022-03-18T13:33:23-05:00
Update FeatureService to use ConfigStore
- - - - -
e35cd87e by Endi S. Dewata at 2022-03-18T17:53:34-05:00
Update generate_rpm_spec() in build.sh
The generate_rpm_spec() in build.sh has been modified
to edit the spec file in place.
- - - - -
7d30d653 by Endi S. Dewata at 2022-03-18T19:09:00-05:00
Move ISubsystem to pki-server
- - - - -
c183f9f8 by Endi S. Dewata at 2022-03-18T20:03:20-05:00
Move ILdapConnModule to pki-server
- - - - -
3e60b44a by Endi S. Dewata at 2022-03-18T20:10:15-05:00
Update ISubsystem to use ConfigStore
- - - - -
65d6aa47 by Endi S. Dewata at 2022-03-18T20:14:23-05:00
Update CertificateAuthority.getConfigStore() to return CAConfig
- - - - -
be7f49a7 by Endi S. Dewata at 2022-03-18T20:14:39-05:00
Update IPolicyRule to use ConfigStore
- - - - -
6f9c4feb by Endi S. Dewata at 2022-03-18T20:57:29-05:00
Update ISelfTest to use ConfigStore
- - - - -
d65f47a7 by Endi S. Dewata at 2022-03-18T20:57:29-05:00
Update IRequestListener to use ConfigStore
- - - - -
e6e248fe by Endi S. Dewata at 2022-03-18T20:57:29-05:00
Update IJob to use ConfigStore
- - - - -
0948011d by Endi S. Dewata at 2022-03-18T20:57:29-05:00
Update ILdapConnModule to use ConfigStore
- - - - -
05723338 by Chris Kelley at 2022-03-21T10:37:14+00:00
Use enhanced instanceof where there is a check-and-cast
* From Java 14 instanceof allows assignment to a variable of the checked
type without having to explicitly create one and cast it to the correct
type.
- - - - -
806ccb62 by Chris Kelley at 2022-03-21T10:40:14+00:00
Tidy up in CAEngine
* Access static members statically
* Remove unnecessary else clauses
* Remove unused local variables
* Combine identical execution paths
- - - - -
9e08c978 by Chris Kelley at 2022-03-21T15:05:49+00:00
Convert switch statements to switch expressions
* New in Java 13, they allow more concise case statements (among other
benefits).
- - - - -
5343f7cd by Endi S. Dewata at 2022-03-21T10:38:28-05:00
Remove unused IRequestListenerPlugin
- - - - -
4c3a864f by Endi S. Dewata at 2022-03-21T10:38:31-05:00
Move KeyCertData to pki-server
- - - - -
6f0828ed by Endi S. Dewata at 2022-03-21T10:38:32-05:00
Move ICRLIssuingPoint to pki-ca
- - - - -
7be94277 by Endi S. Dewata at 2022-03-21T10:38:34-05:00
Update ProfileAuthenticator to use ConfigStore
- - - - -
144f5fc1 by Endi S. Dewata at 2022-03-21T10:38:36-05:00
Update ICMSCRLExtension to use ConfigStore
- - - - -
a95124ec by Endi S. Dewata at 2022-03-21T10:38:38-05:00
Update ILdapPlugin to use ConfigStore
- - - - -
9e9f6ff6 by Endi S. Dewata at 2022-03-21T13:33:34-05:00
Update ProfileOutput to use ConfigStore
- - - - -
a0e74f7f by Endi S. Dewata at 2022-03-21T13:33:35-05:00
Update IOCSPStore to use ConfigStore
- - - - -
62de98d2 by Endi S. Dewata at 2022-03-21T13:33:36-05:00
Update ConfigStorage to use ConfigStore
- - - - -
06edbf0e by Endi S. Dewata at 2022-03-21T13:33:37-05:00
Update SigningUnit to use ConfigStore
- - - - -
14f8bfd8 by Endi S. Dewata at 2022-03-21T13:33:39-05:00
Update LdapRule to use ConfigStore
- - - - -
0366f2bc by Endi S. Dewata at 2022-03-21T14:15:48-05:00
Update ILogEventListener to use ConfigStore
- - - - -
6a7be2ca by Endi S. Dewata at 2022-03-21T14:15:50-05:00
Update CRLIssuingPoint to use ConfigStore
- - - - -
6660d3d1 by Endi S. Dewata at 2022-03-21T14:15:52-05:00
Update ICertificateAuthority to use ConfigStore
- - - - -
69c2cffe by Endi S. Dewata at 2022-03-21T14:20:17-05:00
Update KRAPolicy to use ConfigStore
- - - - -
d3689bf5 by Endi S. Dewata at 2022-03-21T14:23:16-05:00
Update org.dogtagpki.legacy to use ConfigStore
- - - - -
7351535f by Endi S. Dewata at 2022-03-21T15:30:17-05:00
Update com.netscape.cms.servlet to use ConfigStore
- - - - -
171e037a by Endi S. Dewata at 2022-03-21T15:33:03-05:00
Update com.netscape.cms.profile to use ConfigStore
- - - - -
412e2480 by Endi S. Dewata at 2022-03-21T15:33:05-05:00
Update com.netscape.cms.servlet to use ConfigStore
- - - - -
2a681aca by Endi S. Dewata at 2022-03-21T15:33:08-05:00
Update pki-tps to use ConfigStore
- - - - -
c205be74 by Endi S. Dewata at 2022-03-21T15:33:11-05:00
Update pki-tks to use ConfigStore
- - - - -
b233ce6d by Endi S. Dewata at 2022-03-21T16:22:55-05:00
Update pki-ocsp to use ConfigStore
- - - - -
e175fdd6 by Endi S. Dewata at 2022-03-21T16:23:01-05:00
Update pki-kra to use ConfigStore
- - - - -
7ad14c6f by Endi S. Dewata at 2022-03-21T16:23:04-05:00
Update pki-ca to use ConfigStore
- - - - -
157ad4a2 by Endi S. Dewata at 2022-03-21T16:23:08-05:00
Update pki-server to use ConfigStore
- - - - -
3fdaff45 by Endi S. Dewata at 2022-03-22T09:30:44-05:00
Fix JAVA_HOME for container
Previously when creating a new instance for a container the
PKIServer.create() would copy the default tomcat.conf which
might contain the wrong JAVA_HOME. The code has been changed
to update the tomcat.conf with the proper JAVA_HOME.
The pki-acme-run script has also been modified to run the
server using the pki-server run command which will load the
environment variables properly.
- - - - -
6fd21278 by Endi S. Dewata at 2022-03-22T12:47:34-05:00
Rename acme-wait.sh to pki-start-wait.sh
The acme-wait.sh has been renamed to pki-start-wait.sh since
it can be used in general to wait for PKI server to start.
- - - - -
dc9a75ce by Endi S. Dewata at 2022-03-22T12:50:39-05:00
Update server test
The server test has been modified to set up a client container
to verify that the server has started.
The Dockerfile has been modified to add the missing
instance name.
- - - - -
ce8896d2 by Endi S. Dewata at 2022-03-22T17:49:10-05:00
Capture server test logs
- - - - -
800432ff by Endi S. Dewata at 2022-03-23T09:20:24-05:00
Split basic server installation doc
[skip ci]
- - - - -
ca2731e1 by Endi S. Dewata at 2022-03-23T11:15:09-05:00
Add pki-server-run
The code in pki-acme-run that imports/generates the CA signing
cert and SSL server cert and also runs the server has been moved
into pki-server-run such that it can be used by pki-server image.
- - - - -
f6432b33 by Endi S. Dewata at 2022-03-23T11:15:09-05:00
Refactor pki-acme image
The pki-acme image has been modified to extend pki-server image.
The code that configures the HTTPS connector for pki-acme image
has been moved into pki-server image.
- - - - -
a246e2e8 by Endi S. Dewata at 2022-03-23T20:52:27-05:00
Move HTTPS connector doc into admin guide
[skip ci]
- - - - -
17757403 by Chris Kelley at 2022-03-24T06:36:49+00:00
Remove unnecessary Boolean literals and returns in PublisherAdminServlet
- - - - -
049f4dd9 by Chris Kelley at 2022-03-24T13:22:58+00:00
Prevent NPE in ACMEEngine.checkOrder()
* Added CheckOrderResult.ORDER_NULL, return this if the order is null.
* Also does some minor cosmetic work.
- - - - -
e48c7f55 by Endi S. Dewata at 2022-03-24T09:49:06-05:00
Add tests for HTTPS connector
The basic server test has been modified to create a client
container to verify that the server is running.
A new job has been added to test HTTPS connector using NSS
database. Tests for HTTPS connector using other methods can
be added later.
The container test has been modified to use HTTPS protocol
to verify that the server is running.
The pki-start-wait.sh script has been modified to ignore
self-signed cert.
- - - - -
640299d9 by Endi S. Dewata at 2022-03-24T14:47:46-05:00
Update NSSDatabase.createRSAKeyPair() and createECKeyPair()
The NSSDatabase.createRSAKeyPair() and createECKeyPair() methods
have been modified to provide optional usages and usages mask
parameters.
- - - - -
1cf64df3 by Endi S. Dewata at 2022-03-24T16:17:05-05:00
Merge IConfigStore into ConfigStore
- - - - -
eca934ea by Endi S. Dewata at 2022-03-24T16:17:05-05:00
Remove unused IConfigStoreEventListener
- - - - -
fdef7548 by Endi S. Dewata at 2022-03-24T19:29:51-05:00
Add KeyInfo.keyId
The KeyInfo.keyId has been added to store the actual key ID
instead of relying on key URL.
- - - - -
af760c72 by Endi S. Dewata at 2022-03-25T10:37:42-05:00
Fix PKIServer.export_ca_cert()
Previously the PKIServer.export_ca_cert() would always export
the CA cert from NSS database in all cases. The code has been
modified to do the export only if the server has an HTTPS
connector with NSS database. The support for other types of
HTTPS connector will be added later.
- - - - -
f30bed2b by Endi S. Dewata at 2022-03-25T10:37:42-05:00
Add test for HTTPS connector with PKCS #12 file
A new test has been added to test HTTPS connector with
PKCS #12 file.
- - - - -
fdcfe5ea by Endi S. Dewata at 2022-03-25T10:37:42-05:00
Add test for HTTPS connector with JKS file
A new test has been added to test HTTPS connector with
JKS file.
- - - - -
ae520f57 by Endi S. Dewata at 2022-03-25T10:37:42-05:00
Add test for HTTPS connector with PEM files
A new test has been added to test HTTPS connector with
PEM files.
- - - - -
cdac531a by Endi S. Dewata at 2022-03-25T10:38:40-05:00
Update SystemConfigService.createRequest()
The SystemConfigService.createRequest() has been modified to
load/create the key pair, create the request extensions, and
create the CSR using the NSSDatabase class which is also used
by pki nss-cert-request CLI. The unused code in Configurator
class has been removed.
- - - - -
58979b5f by Endi S. Dewata at 2022-03-25T16:39:54-05:00
Update logging level for NSSDatabase
The NSSDatabase class has been modified to set the logging
level for pki commands according to the current setting.
- - - - -
0162bbc5 by Endi S. Dewata at 2022-03-25T18:19:34-05:00
Add NSSDatabase.run()
The code that calls external commands has been consolidated
into NSSDatabase.run().
- - - - -
8b5c91c4 by Endi S. Dewata at 2022-03-28T10:48:36-05:00
Clean up pki nss-cert-export
- - - - -
ef473f9e by Endi S. Dewata at 2022-03-28T15:55:03-05:00
Redirect banner prompt to standard error
Previously if PKI server was configured with access banner pki
CLI would display the access banner on the standard output.
This could cause a problem if pki CLI was used in automation
because the output might change.
To fix the problem pki CLI has been modified to display the
access banner on the standard error instead.
- - - - -
7d80a22b by Christina Fu at 2022-03-29T14:26:50-07:00
Bug 2069813-Up default CA and OCSP signing cert key size to 3072
Up the default values for the following two pkispawn parameters to 3072
for RSA:
pki_ca_signing_key_size=3072
pki_ocsp_signing_key_size=3072
fixes https://bugzilla.redhat.com/show_bug.cgi?id=2069813
- - - - -
b9811cee by Christina Fu at 2022-03-29T14:26:58-07:00
Bug 2069813- Up default CA and OCSP signing cert key size to 3072 (OCSP)
The earlier fix was only for under [CA];
This fix adds the missed pki_ocsp_signing_key_size=3072 change under [OCSP]
fixes https://bugzilla.redhat.com/show_bug.cgi?id=2069813
- - - - -
88b6c198 by Endi S. Dewata at 2022-03-29T20:52:36-05:00
Add pki nss-key-find
The pki nss-key-find has been added to list all keys in the
NSS database.
- - - - -
e3ecbf52 by Endi S. Dewata at 2022-03-29T20:52:36-05:00
Add pki nss-key-find --output-format option
The pki nss-key-find has been modified to provide an option
to return the result in JSON format.
- - - - -
4c0d6a46 by Endi S. Dewata at 2022-03-30T09:32:17-05:00
Add pki nss-cert-export --output-file option
The pki nss-cert-export CLI has been modified to provide a
--output-file option for consistency with other CLIs. The
optional positional path argument has been deprecated.
- - - - -
175c75aa by Endi S. Dewata at 2022-03-30T18:27:38-05:00
Clean up CAEnrollProfile.execute()
- - - - -
6fcfa8e1 by Endi S. Dewata at 2022-03-30T19:08:21-05:00
Add pki nss-key-find --nickname option
The pki nss-key-find CLI has been modified to provide an
option to find the keys belonging to a cert.
- - - - -
17be27de by Endi S. Dewata at 2022-03-30T19:08:21-05:00
Add tests for pki nss-key-find
- - - - -
c5e6b20f by Endi S. Dewata at 2022-03-31T10:20:06-05:00
Fix key ID handling in SystemConfigService
The SystemConfigService has been modified to support key IDs
in hexadecimal with 0x prefix.
- - - - -
556cdd88 by Endi S. Dewata at 2022-03-31T19:49:55-05:00
Fix key ID handling in SystemConfigService (part 2)
The SystemConfigService has been modified to support key IDs
with odd number of characters.
- - - - -
6b7ad7de by Endi S. Dewata at 2022-03-31T19:50:38-05:00
Add NSSDatabase.find_cert_keys()
The NSSDatabase.find_cert_keys() has been added to get the keys
belonging to a certificate.
- - - - -
f92ea033 by Endi S. Dewata at 2022-03-31T19:50:38-05:00
Add PKIDeployer.find_cert_key()
The PKIDeployer.find_cert_key() has been added to get the
key of an existing system certificate (if any) using the
NSSDatabase.find_cert_keys().
- - - - -
dba97c12 by Endi S. Dewata at 2022-03-31T19:50:59-05:00
Remove unused SystemConfigService.findKey()
- - - - -
1d0682b4 by Endi S. Dewata at 2022-04-01T13:29:08-05:00
Add SystemCertData.sslECDH
- - - - -
ae82a5c2 by Endi S. Dewata at 2022-04-01T13:29:10-05:00
Add SystemCertData.keyWrap
- - - - -
f74d8585 by Endi S. Dewata at 2022-04-01T16:25:46-05:00
Update PKIDeployer.create_cert_setup_request() (part 1)
The PKIDeployer.create_cert_setup_request() has been modified
to set the SystemCertData.keySize and keyCurveName fields.
- - - - -
7a38601e by Endi S. Dewata at 2022-04-01T16:29:19-05:00
Update PKIDeployer.create_cert_setup_request() (part 2)
The PKIDeployer.create_cert_setup_request() has been modified
to set the SystemCertData.sslECDH field.
- - - - -
f430c16e by Endi S. Dewata at 2022-04-01T16:29:22-05:00
Update PKIDeployer.create_cert_setup_request() (part 3)
The PKIDeployer.create_cert_setup_request() has been modified
to set the SystemCertData.keyWrap field.
- - - - -
9adc8030 by Endi S. Dewata at 2022-04-01T16:29:48-05:00
Remove unused SystemCertData.ecType
- - - - -
8c4c419d by Endi S. Dewata at 2022-04-04T09:06:40-05:00
Consolidate RSA keypair usage constants
- - - - -
14c5c702 by Endi S. Dewata at 2022-04-04T09:06:40-05:00
Add pki nss-cert-request --key-wrap
The pki nss-cert-request --key-wrap option has been added to
generate an RSA key for wrapping/unwrapping. This is similar to
PKCS10Client -w option. There are no corresponding options in
CRMFPopClient and pki client-cert-request. In the future these
tools could be consolidated for simplicity & consistency.
- - - - -
352654b5 by Endi S. Dewata at 2022-04-04T09:06:40-05:00
Add pki nss-cert-request --ssl-ecdh
The pki nss-cert-request --ssl-ecdh option has been added to
generate an EC key for SSL with ECDH ECDSA. This is similar to
PKCS10Client -x, CRMFPopClient -x, and pki client-cert-request
--ssl-ecdh options. In the future these tools could be
consolidated for simplicity & consistency.
- - - - -
e754c7d3 by Endi S. Dewata at 2022-04-04T09:10:39-05:00
Ignore banner prompts during installation
pkispawn has been modified to ignore banner prompts during
installation.
- - - - -
dd40ce3d by Endi S. Dewata at 2022-04-04T09:10:39-05:00
Add tests for installation with banners
The tests for installing sub CA and installing KRA, OCSP, TKS,
and TPS on separate instances have been modified to use banners.
- - - - -
7552d500 by Endi S. Dewata at 2022-04-04T10:42:42-05:00
Update TKS tests to use RSNv3
- - - - -
488f5317 by Endi S. Dewata at 2022-04-04T16:43:04-05:00
Update pki nss-cert-request
The pki nss-cert-request has been modified to support
hexadecimal key IDs with 0x prefix. A default value has
been added for the --curve parameter.
- - - - -
df33951b by Endi S. Dewata at 2022-04-04T17:03:31-05:00
Update NSSDatabase.find_cert_keys()
The NSSDatabase.find_cert_keys() has been modified such that
the cert nickname param is optional. It has also been renamed
to find_keys().
- - - - -
85852884 by Endi S. Dewata at 2022-04-04T18:05:26-05:00
Normalize key types in pkispawn
- - - - -
77583f04 by Endi S. Dewata at 2022-04-05T08:59:49-05:00
Clean up RSNv1 params
pkispawn has been modified to add RSNv1 params only if RSNv1 is
enabled. The RSNv1 test has been modified to perform migration
to RSNv3.
- - - - -
e653dfdd by Endi S. Dewata at 2022-04-05T14:12:26-05:00
Update CI tests to cache build artifacts
The CI tests have been modified to use cache action to
distribute build artifacts among the jobs which should
be faster than using upload/download actions.
- - - - -
c736cb0b by Endi S. Dewata at 2022-04-05T15:39:51-05:00
Add test_PKICertImport.bash into pki-tests
- - - - -
01ab075c by Endi S. Dewata at 2022-04-05T18:32:33-05:00
Update tools tests to run in containers
- - - - -
90f2361e by Endi S. Dewata at 2022-04-06T15:48:31-05:00
Fix cert/key ID encoding
Most of the code that generates hexadecimal cert/key IDs using
Hex.encodeHexString() or CryptoUtil.encodeKeyID() has been updated
to use Utils.HexEncode() for consistency except in legacy tools
for backward compatibility.
- - - - -
856f0ac4 by Endi S. Dewata at 2022-04-06T18:51:41-05:00
Update log messages in HttpConnection
- - - - -
507fe31f by Endi S. Dewata at 2022-04-06T18:58:34-05:00
Add null check for CryptoUtil.findPrivateKey()
- - - - -
21f4e83b by Chris Kelley at 2022-04-07T17:54:14+01:00
Deprecate the PKI console com.netscape.admin.certsrv.wizard package
* Add package-info.java to warn about removal at the package level.
* Add deprecation annotations and javadoc to each class.
- - - - -
802d0f6a by Chris Kelley at 2022-04-07T17:54:14+01:00
Deprecate the PKI console com.netscape.admin.certsrv.ug package
* Add package-info.java to warn about removal at the package level.
* Add deprecation annotations and javadoc to each class.
- - - - -
8d0f7686 by Chris Kelley at 2022-04-07T17:54:14+01:00
Deprecate the PKI console com.netscape.admin.certsrv.task package
* Add package-info.java to warn about removal at the package level.
* Add deprecation annotations and javadoc to each class.
- - - - -
6f1c53b3 by Chris Kelley at 2022-04-07T17:54:14+01:00
Deprecate the PKI console com.netscape.admin.certsrv.status package
* Add package-info.java to warn about removal at the package level.
* Add deprecation annotations and javadoc to each class.
- - - - -
b4716961 by Chris Kelley at 2022-04-07T17:54:14+01:00
Deprecate the PKI console com.netscape.admin.certsrv.security
package
* Add package-info.java to warn about removal at the package level.
* Add deprecation annotations and javadoc to each class.
- - - - -
a4d78eb2 by Chris Kelley at 2022-04-07T17:54:14+01:00
Deprecate the PKI console com.netscape.admin.certsrv.notification
package
* Add package-info.java to warn about removal at the package level.
* Add deprecation annotations and javadoc to each class.
- - - - -
e27c4169 by Chris Kelley at 2022-04-07T17:54:14+01:00
Deprecate the PKI console com.netscape.admin.certsrv.misc package
* Add package-info.java to warn about removal at the package level.
* Add deprecation annotations and javadoc to each class.
- - - - -
b8d9796c by Chris Kelley at 2022-04-07T17:54:14+01:00
Deprecate the PKI console com.netscape.admin.certsrv.menu package
* Add package-info.java to warn about removal at the package level.
* Add deprecation annotations and javadoc to each class.
- - - - -
5c5d0bdf by Chris Kelley at 2022-04-07T17:54:14+01:00
Deprecate PKI console com.netscape.admin.certsrv.{key,managecert}
* Add package-info.java to warn about removal at the package level.
* Add deprecation annotations and javadoc to each class.
- - - - -
bd9d972a by Chris Kelley at 2022-04-07T17:54:14+01:00
Deprecate the PKI console com.netscape.admin.certsrv.images package
* Add package-info.java to warn about removal at the package level.
- - - - -
66e50992 by Chris Kelley at 2022-04-07T17:54:14+01:00
Deprecate the PKI console com.netscape.admin.certsrv.connection package
* Add package-info.java to warn about removal at the package level.
* Add deprecation annotations and javadoc to each class.
- - - - -
5148593d by Chris Kelley at 2022-04-07T17:54:14+01:00
Deprecate the PKI console com.netscape.admin.certsrv.config.install
package
* Add package-info.java to warn about removal at the package level.
* Add deprecation annotations and javadoc to each class.
- - - - -
d083fa65 by Chris Kelley at 2022-04-07T17:54:14+01:00
Deprecate the PKI console com.netscape.admin.certsrv.config package
* Add package-info.java to warn about removal at the package level.
* Add deprecation annotations and javadoc to each class.
- - - - -
2639b969 by Chris Kelley at 2022-04-07T17:54:14+01:00
Deprecate the PKI console com.netscape.admin.certsrv package
* Add package-info.java to warn about removal at the package level.
* Add deprecation annotations and javadoc to each class.
- - - - -
afd1b477 by Chris Kelley at 2022-04-07T17:54:14+01:00
Deprecate the PKI console com.netscape.certsrv.client.connection package
* Add package-info.java to warn about removal at the package level.
* Add deprecation annotations and javadoc to each class.
- - - - -
cf7490f7 by Endi S. Dewata at 2022-04-07T12:27:14-05:00
Fix pylint issue
pki/server/deployment/__init__.py:873:19: E1101: Instance of
'SystemCertData' has no 'keyCurveName' member (no-member)
- - - - -
18a1d0c4 by Endi S. Dewata at 2022-04-08T08:14:42-05:00
Fix KeyId to preserve leading zeros
Previously KeyId was implemented using a BigInteger which
does not preserve leading zeros. This could cause a problem
when searching for a key in NSS database by its ID.
To fix the problem the KeyId has been modified to store the
ID as a byte array so it will preserve the leading zeros.
The KeyIdTest has been updated to test this scenario.
- - - - -
8052fae0 by Endi S. Dewata at 2022-04-08T16:35:19-05:00
Add pki-server http-connector-host-show
The pki-server http-connector-host-show has been added to
display the <SSLHostConfig> element in server.xml.
- - - - -
030b094a by Endi S. Dewata at 2022-04-08T16:35:19-05:00
Add pki-server http-connector-host-mod
The pki-server http-connector-host-mod has been added to
modify the <SSLHostConfig> element in server.xml.
- - - - -
684fb64b by Endi S. Dewata at 2022-04-08T17:07:44-05:00
Update log messages in ConnectorServlet.service()
- - - - -
97b20923 by Chris Kelley at 2022-04-11T15:07:28+01:00
Use "if connector is None" instead of "if not connector"
* Restarting tomcat I noticed a FutureWarning around the use of the "if
not <object>" syntax - so it would appear that behaviour is to change in
a future version of Python.
- - - - -
23b7afb0 by Christina Fu at 2022-04-11T10:48:41-07:00
Bug2071081 p12 passwd in debug
This patch comments the debug line out.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2071081
- - - - -
616b3d20 by Endi S. Dewata at 2022-04-11T14:17:54-05:00
Replace deprecated LDAPv2 with LDAPv3
- - - - -
0f059bda by Endi S. Dewata at 2022-04-11T16:31:08-05:00
Clean up log message in TokenService.changeTokenStatus()
- - - - -
81e31447 by Endi S. Dewata at 2022-04-11T16:48:02-05:00
Replace deprecated X509CertImpl.getSubjectDN() with getSubjectName()
- - - - -
5a8c0eb6 by Endi S. Dewata at 2022-04-11T16:54:52-05:00
Replace deprecated X509CertImpl.getIssuerDN() with getIssuerName()
- - - - -
fa549d98 by Endi S. Dewata at 2022-04-12T09:46:06-05:00
Fix cert/key ID handling in pki pkcs12 CLIs
The pki pkcs12-key-remove has been modified to use the KeyId
class which can handle hexadecimal key IDs with 0x prefix.
The pki pkcs12-cert-export/mod have been modified to strip the
0x prefix from cert IDs. In the future this code may be replaced
with CertId class that can handle hexadecimal cert IDs properly.
Resolves: https://github.com/dogtagpki/pki/issues/3974
- - - - -
f57c9fb5 by Christina Fu at 2022-04-12T11:51:27-07:00
Bug2072185 p12 password
this patch comments out 2 more locations of possible exposure.
bug ref: bugzilla.redhat.com/show_bug.cgi?id=2072185
- - - - -
5e9e1e7f by Endi S. Dewata at 2022-04-12T22:05:58-05:00
Remove redundant code
- - - - -
172c0b1d by Endi S. Dewata at 2022-04-12T22:14:48-05:00
Update version number to 11.2.0-beta1
- - - - -
9f353d72 by Chris Kelley at 2022-04-14T15:38:40+01:00
Fix login to TPS UI (and other /<subsystem>/ui pages)
Some accidental renaming occurred when mapping from XML to JSON; change
the JSON property names to match the original XML version.
- - - - -
eda1e598 by Chris Kelley at 2022-04-14T15:47:49+01:00
Remove com.netscape.certsrv.base.Link
- - - - -
34b3367f by Chris Kelley at 2022-04-14T16:11:10+01:00
Remove Locale from IExtendedPluginInfo.getExtendedPluginInfo signature
* The interface forces ~85 classes to needlessly carry around a Locale
object - it is only actually used in 2 places.
* Those 2 exceptions keep their Locales, with a no-arg implementation
that utilises the default Locale.
* One class doesn't actually implement the interface at all, now it does
* There are various classes that have identical method names but with
different signatures - I removed the unused args from those too.
* This could all be tidied up a bit better with more work on the
interface but this change is already sufficiently large.
* Also some clean up in AAclAuthz - which is how I started pulling on
this thread in the first place
- - - - -
5cd91977 by Endi S. Dewata at 2022-04-14T12:43:50-05:00
Fix build.sh --work-dir option
The build.sh --work-dir option has been updated to use the
provided package name by default.
- - - - -
41e26042 by Endi S. Dewata at 2022-04-14T13:56:17-05:00
Drop obsolete conditionals in pki.spec
- - - - -
16ad44df by Endi S. Dewata at 2022-04-14T14:26:44-05:00
Add base/meta
The code in pki.spec that creates the README for the meta
package has been converted into CMake script in base/meta.
- - - - -
7840247b by Endi S. Dewata at 2022-04-14T14:44:03-05:00
Remove redundant BUILD_PKI_CORE option
- - - - -
8efeeac3 by Endi S. Dewata at 2022-04-14T15:04:59-05:00
Rename BUILD_PKI_CONSOLE to WITH_CONSOLE
- - - - -
38d7caa2 by Endi S. Dewata at 2022-04-14T15:54:03-05:00
Move jboss-logging.jar link creation into CMake
- - - - -
a3b76b63 by Endi S. Dewata at 2022-04-14T15:54:46-05:00
Move javax.annotations-api.jar link creation into CMake
- - - - -
b23c4201 by Endi S. Dewata at 2022-04-14T16:22:07-05:00
Remove redundant JAVA_VERSION parameter
- - - - -
3e0ba124 by Endi S. Dewata at 2022-04-14T17:20:02-05:00
Fix Javadoc warnings
- - - - -
f444154c by Endi S. Dewata at 2022-04-18T09:33:47-05:00
Rename WITH_TEST to RUN_TESTS
The WITH_TEST option for CMake has been renamed into RUN_TESTS
for clarity.
- - - - -
2e547178 by Endi S. Dewata at 2022-04-18T09:33:51-05:00
Add WITH_TESTS option for CMake
The WITH_TESTS option for CMake has been added for creating the
tests package.
- - - - -
eec86850 by Endi S. Dewata at 2022-04-18T13:09:37-05:00
Clean up WITH_SERVER option
The spec file and the CMake script have been modified to
require the server package to build subsystem packages.
- - - - -
594ea8ca by Chris Kelley at 2022-04-19T13:31:25+01:00
Make CertificateAuthority implement IAuthority directly
* This gives CertificateAuthority a similar inheritance hierarchy to the
other subsystem authorities
* It was necessary to move RequestInQListener into base/ca once this
class directly referenced CertificateAuthority.
- - - - -
bff754ed by Endi S. Dewata at 2022-04-19T15:33:20-05:00
Bump Tomcat JSS dependency
- - - - -
fbcefb25 by Endi S. Dewata at 2022-04-19T16:47:14-05:00
Clean up usages and usages masks
- - - - -
da895b41 by Endi S. Dewata at 2022-04-19T19:49:58-05:00
Add pki nss-key-create
The pki nss-key-create has been added to create a key pair
in NSS database just like pki nss-cert-request but without
creating a CSR.
- - - - -
60c057b2 by Endi S. Dewata at 2022-04-19T19:49:58-05:00
Add NSSDatabase.create_key()
The NSSDatabase.create_key() has been added to create a key
pair in NSS database using pki nss-key-create.
- - - - -
273f2f59 by Endi S. Dewata at 2022-04-19T19:49:58-05:00
Add PKIDeployer.create_cert_key()
The PKIDeployer.create_cert_key() has been added to create
the cert key locally instead of remotely on the server (i.e.
in SystemConfigService.createRequest()).
- - - - -
88bd351a by Endi S. Dewata at 2022-04-19T19:49:58-05:00
Clean up SystemConfigService.createRequest()
The code in SystemConfigService.createRequest() that creates
a new key pair has been removed since it has become redundant.
- - - - -
3e6b1ac0 by Chris Kelley at 2022-04-20T17:46:51+01:00
Make dates displayed in /ca/ui page human readable.
- - - - -
6ddfa23a by Chris Kelley at 2022-04-20T17:46:51+01:00
Fix display of token parameters in web UI
- - - - -
dafd1238 by Chris Kelley at 2022-04-20T17:46:51+01:00
Make timestamps human readable in /tps/ui/tokens
- - - - -
0877d9dc by Endi S. Dewata at 2022-04-20T15:14:12-05:00
Add PKIDeployment.create_cert_request()
The code that calls the server to create the cert request
has been moved into PKIDeployment.create_cert_request().
- - - - -
9b92e682 by Endi S. Dewata at 2022-04-20T15:16:33-05:00
Add PKIDeployment.create_cert()
The code that calls the server to create the cert has been
moved into PKIDeployment.create_cert().
- - - - -
5432438d by Chris Kelley at 2022-04-21T14:55:19+01:00
Fix Activity data in TPS UI
- - - - -
050aef1d by Chris Kelley at 2022-04-21T18:10:06+01:00
Split ca-tests.yml into two runs.
The runner is getting memory-stressed which is causing intermittent test
failures. Breaking up the number of jobs should reduce the burden on the
runner and prevent this from happening.
- - - - -
ffa401d2 by Endi S. Dewata at 2022-04-25T12:20:52-05:00
Move get_key_params() into PKIDeployer
- - - - -
fc2f5a10 by Endi S. Dewata at 2022-04-25T12:20:52-05:00
Update configuration.py to use PKIDeployer.get_key_params()
- - - - -
97daf9a3 by Endi S. Dewata at 2022-04-25T12:20:52-05:00
Add curve and hash_alg to NSSDatabase.__create_request()
- - - - -
cc1a5df9 by Endi S. Dewata at 2022-04-25T12:20:52-05:00
Add key_id and cka_id to NSSDatabase.__create_request()
- - - - -
d4f1889d by Endi S. Dewata at 2022-04-25T12:20:52-05:00
Add basic_constraints_ext to NSSDatabase.__create_request()
- - - - -
63b80272 by Endi S. Dewata at 2022-04-25T12:20:52-05:00
Add key_usage_ext to NSSDatabase.__create_request()
- - - - -
be2cfe42 by Endi S. Dewata at 2022-04-25T12:20:52-05:00
Add extended_key_usage_ext to NSSDatabase.__create_request()
- - - - -
d4f7da2d by Endi S. Dewata at 2022-04-25T12:20:52-05:00
Add subject_key_id to NSSDatabase.__create_request()
- - - - -
01155ca8 by Endi S. Dewata at 2022-04-25T12:20:52-05:00
Add generic_exts to NSSDatabase.__create_request()
- - - - -
8bd4c943 by Endi S. Dewata at 2022-04-25T14:01:23-05:00
Move generate_csr() into PKIDeployer
- - - - -
1bfd8f93 by Endi S. Dewata at 2022-04-25T14:01:23-05:00
Update PKIDeployer.generate_csr() to use JSS
- - - - -
a32b0bf7 by Endi S. Dewata at 2022-04-25T14:01:23-05:00
Refactor SystemConfigService.createRequest()
The code in SystemConfigService.createRequest() that generates a
cert request has been moved into PKIDeployer.create_cert_request().
- - - - -
3ec129da by Endi S. Dewata at 2022-04-25T14:01:23-05:00
Remove unused SystemConfigService.createRequest()
- - - - -
5545aa75 by Endi S. Dewata at 2022-04-25T16:34:00-05:00
Move create_temp_sslserver_cert() into PKIDeployer
- - - - -
3797c13a by Endi S. Dewata at 2022-04-25T16:39:02-05:00
Move remove_temp_sslserver_cert() into PKIDeployer
- - - - -
80f759c7 by Endi S. Dewata at 2022-04-25T16:43:17-05:00
Move import_perm_sslserver_cert() into PKIDeployer
- - - - -
b4ea92cc by Endi S. Dewata at 2022-04-25T17:18:19-05:00
Update log messages in CryptoUtil
- - - - -
95bd10f0 by Endi S. Dewata at 2022-04-25T17:18:19-05:00
Update log messages in NSSDatabase
- - - - -
bf2277e1 by Endi S. Dewata at 2022-04-25T17:19:06-05:00
Update log messages in RequestRepository
- - - - -
df20db20 by Endi S. Dewata at 2022-04-25T17:19:06-05:00
Update log messages in CertRequestRepository
- - - - -
87d724a0 by Endi S. Dewata at 2022-04-25T17:22:25-05:00
Update log messages in CertificateRepository
- - - - -
9868b6b4 by Endi S. Dewata at 2022-04-25T17:46:05-05:00
Update log messages in LDAPConfigurator
- - - - -
1d1b7385 by Endi S. Dewata at 2022-04-25T17:46:05-05:00
Update log messages in CACertClient
- - - - -
a5460310 by Endi S. Dewata at 2022-04-25T17:46:05-05:00
Update log messages in SubsystemCLI
- - - - -
471689b4 by Endi S. Dewata at 2022-04-26T14:06:04-05:00
Clean up PKIDeployer.setup_system_certs()
The PKIDeployer.setup_system_certs() has been modified to
set up the system certs one by one.
- - - - -
6547155c by Endi S. Dewata at 2022-04-26T14:10:31-05:00
Clean up PKIDeployer.setup_system_cert()
The PKIDeployer.setup_system_cert() has been modified to
search for cert keys only if the cert exists.
- - - - -
9c5f63cb by Endi S. Dewata at 2022-04-26T14:13:05-05:00
Update log messages in pki-server ca-cert-import
- - - - -
223c88f3 by Endi S. Dewata at 2022-04-26T15:21:36-05:00
Refactor CAConfigurator.createCert()
The code in CAConfigurator.createCert() that imports the cert
into database has been moved into PKIDeployer.import_cert().
- - - - -
e7bf143f by Endi S. Dewata at 2022-04-26T15:21:36-05:00
Remove unused CAConfigurator.createCertRecord()
- - - - -
00300fb1 by Endi S. Dewata at 2022-04-26T16:15:55-05:00
Move ConfigClient.set_system_cert_info() to PKIDeployer
- - - - -
2253aace by Endi S. Dewata at 2022-04-26T16:15:58-05:00
Merge ConfigClient.set_ca_signing_cert_info() into PKIDeployer
- - - - -
08ae564e by Endi S. Dewata at 2022-04-26T16:16:02-05:00
Merge ConfigClient.set_ocsp_signing_cert_info() into PKIDeployer
- - - - -
f1e647c2 by Endi S. Dewata at 2022-04-26T16:16:06-05:00
Merge ConfigClient.set_storage_cert_info() into PKIDeployer
- - - - -
044fc9ba by Endi S. Dewata at 2022-04-26T16:17:40-05:00
Merge ConfigClient.set_transport_cert_info() into PKIDeployer
- - - - -
1d357d72 by Endi S. Dewata at 2022-04-26T16:18:57-05:00
Merge ConfigClient.set_audit_signing_cert_info() into PKIDeployer
- - - - -
488f8aba by Endi S. Dewata at 2022-04-26T16:26:54-05:00
Merge ConfigClient.set_sslserver_cert_info() into PKIDeployer
- - - - -
1fee8425 by Endi S. Dewata at 2022-04-26T16:27:42-05:00
Merge ConfigClient.set_subsystem_cert_info() into PKIDeployer
- - - - -
9830b66a by Endi S. Dewata at 2022-04-26T17:04:36-05:00
Merge ConfigClient.create_system_cert() into PKIDeployer
- - - - -
a072dd26 by Endi S. Dewata at 2022-04-26T17:06:11-05:00
Remove unused ConfigClient
- - - - -
45791fef by Endi S. Dewata at 2022-04-26T19:01:47-05:00
Clean up PKISubsystem.get_cert_info()
- - - - -
c86f7257 by Endi S. Dewata at 2022-04-26T19:07:58-05:00
Clean up PKISubsystem.get_nssdb_cert_info()
- - - - -
5d563b7c by Endi S. Dewata at 2022-04-26T21:45:31-05:00
Clean up PKISubsystem.get_subsystem_cert()
- - - - -
94f31922 by Endi S. Dewata at 2022-04-26T21:46:36-05:00
Add SystemCertData.certID
- - - - -
b1e27202 by Endi S. Dewata at 2022-04-26T21:46:36-05:00
Refactor CAConfigurator.createCert()
The CAConfigurator.createCert() has been modified to take
a cert ID.
- - - - -
6d4993f8 by Endi S. Dewata at 2022-04-26T21:46:36-05:00
Move CAConfigurator.createRequestID() into CAInstallerService
- - - - -
b71edf6d by Endi S. Dewata at 2022-04-26T21:46:36-05:00
Move CAConfigurator.createCertID() into CAInstallerService
- - - - -
68791a31 by Endi S. Dewata at 2022-04-26T21:46:36-05:00
Move CAConfigurator.createCert() into CAInstallerService
- - - - -
1b710d74 by Endi S. Dewata at 2022-04-26T21:51:27-05:00
Move CAConfigurator.initSubsystem() into CAInstallerService
- - - - -
999facff by Endi S. Dewata at 2022-04-26T21:53:47-05:00
Move SystemConfigService.validatePin() into CAInstallerService
- - - - -
ac58c79d by Endi S. Dewata at 2022-04-26T21:53:47-05:00
Remove unused SystemCertData.tag
- - - - -
646f8ee8 by Chris Kelley at 2022-04-28T07:22:04+01:00
Remove unused parameters from process methods.
- - - - -
e3f7e845 by Chris Kelley at 2022-04-29T17:37:49+01:00
Fix TPS /ui/certs/ dates to be human readable.
- - - - -
f646ff66 by Endi S. Dewata at 2022-04-29T13:31:25-05:00
Add RPM macros for timestamp and commit ID
- - - - -
f2bdbf24 by Endi S. Dewata at 2022-04-29T13:31:25-05:00
Add RPM macro for development phase
- - - - -
6db542f0 by Endi S. Dewata at 2022-04-29T13:31:25-05:00
Add RPM macros for version and release numbers
- - - - -
ae9556d7 by Endi S. Dewata at 2022-05-02T11:09:10-05:00
Update version number to 11.2.0-beta2
- - - - -
8563b013 by Chris Kelley at 2022-05-03T08:01:18+01:00
Remove unnecessary Locale parameter from CertUtils.parseKeyGen()
- - - - -
5ced1079 by Chris Kelley at 2022-05-03T08:01:18+01:00
Remove unused methods from Profile.
- - - - -
0c70167e by Christina Fu at 2022-05-03T14:41:19-07:00
Bug2072185-p12-passwd-http-GET-params
This patch handles the p12 passwd missed in GET
fixes https://bugzilla.redhat.com/show_bug.cgi?id=2072185
- - - - -
00bb6c3a by Chris Kelley at 2022-05-04T13:55:15+01:00
Tidy up in CertificateVersionDefault
* Remove unnecessary else clauses
* Introduce CMS_INVALID_PROPERTY static constant
* Combine identical catch blocks
* Use Integer.parseInt()
* Prefer blocks to statements
* Fill an empty catch where we subsequently check for null
* Tidy up formatting/whitespace
* Put array designator on the type
- - - - -
537b10b9 by Chris Kelley at 2022-05-05T07:25:55+01:00
Use SHA-256 for authentication methods
- - - - -
d778e96a by Chris Kelley at 2022-05-05T07:28:21+01:00
Add code field to TPSStatus enum
* There is an epic switch statement that sets an integer value based on
the TPSStatus. Instead have the integer as a field in the enum to save
the unnecessary boilerplate.
* At first glance it appears that the new field is also unnecessary and
we can just use the status.ordinal() value but we can't as two of the
enum entries have the same code value
- - - - -
73b18627 by Chris Kelley at 2022-05-05T14:40:37+01:00
Fix typo bug in KeyService.auditKeyInfoSuccess()
The current implementation ignores the KeyId parameter passed in and
uses an internal field of KeyService instead. It seems unlikely this was
the intention, it is likely that this is a typo that was missed because
the erroneous variable happened to exist and the code compiled. The
implementation was changed to use the parameter instead.
- - - - -
e5a4e4aa by Chris Kelley at 2022-05-05T17:27:03+01:00
Replace Assert.assert* methods with assert* static imports
In JUnit 5 org.junit.Assert is replaced with
org.junit.jupiter.api.Assertions. Migrating seems like it could be a big
diff but we can make it a bit smaller by using static imports now. That
way when we migrate the method signature in the calling code is the
same, it is only the import which needs to change.
- - - - -
cce88875 by Chris Kelley at 2022-05-05T17:37:01+01:00
Tidy up ACLEntry
* Replace for loops that are actually while loops with while loops
* Remove unnecessary Boolean literal comparison
* Rename Type enum entries to match the JLS
* Make empty class constructor private to prevent instantiation
* Simplify checkPermission by not returning Boolean literals
- - - - -
0136904c by Chris Kelley at 2022-05-06T12:59:35+01:00
Tidy up AAclAuthz
* Make logger final
* Rename EvalutionOrder enum entries to match JLS
* Remove unnecessary semicolon
* Make empty constructor protected
* Remove overridden shutdown method to simply inherit it
* Put array designator on type not the variable
* Drastically simplify evaluateExp by stripping it of Boolean literals
* Use while loop for for loops that are actually while loops
* Prefer isEmpty() to checking size()
- - - - -
1a06cbe2 by Endi S. Dewata at 2022-05-10T19:15:29-05:00
Fix COPR build failure
The .copr/Makefile has been updated to fix COPR build failure
caused by changes in Git 2.35.2:
fatal: unsafe repository (<current dir> is owned by someone else)
https://stackoverflow.com/questions/71901632/fatal-unsafe-repository-home-repon-is-owned-by-someone-else
- - - - -
a6697aca by Chris Kelley at 2022-05-10T20:04:46-05:00
Update version to 11.2.0-0.4.beta3
- - - - -
76a69455 by Endi S. Dewata at 2022-05-12T16:40:43-05:00
Add issuer param for NSSDatabase.__create_cert()
- - - - -
ed5781e8 by Endi S. Dewata at 2022-05-12T16:40:43-05:00
Update NSSDatabase.__create_cert()
The NSSDatabase.__create_cert() has been updated to create
a temporary file to store the cert extension config.
- - - - -
4d9ab3a4 by Endi S. Dewata at 2022-05-17T20:18:43+01:00
Add NSSDatabase.__create_basic_constraints_ext()
The code that creates the basic constraints extension config has
been moved into NSSDatabase.__create_basic_constraints_ext() such
that it can be reused by __create_cert().
- - - - -
b50aa325 by Endi S. Dewata at 2022-05-17T20:18:43+01:00
Add NSSDatabase.__create_key_usage_ext()
The code that creates the key usage extension config has been
moved into NSSDatabase.__create_key_usage_ext() such that it can
be reused by __create_cert().
- - - - -
2927d4fe by Endi S. Dewata at 2022-05-17T20:18:43+01:00
Add NSSDatabase.__create_extended_key_usage_ext()
The code that creates the extended key usage extension config has
been moved into NSSDatabase.__create_extended_key_usage_ext() such
that it can be reused by __create_cert().
- - - - -
fa492e1f by Endi S. Dewata at 2022-05-17T20:18:43+01:00
Add NSSDatabase.__create_ski_ext()
The code that generates the subject key ID extension config has
been moved into NSSDatabase.__create_ski_ext() such that it can
be reused by __create_cert().
- - - - -
f67eefa7 by Endi S. Dewata at 2022-05-18T15:36:34+01:00
Add NSSDatabase.__create_aki_ext()
The NSSDatabase.__create_aki_ext() has been added to generate
the authority key ID extension config for __create_cert().
- - - - -
8cb01a92 by Endi S. Dewata at 2022-05-18T15:36:34+01:00
Add NSSDatabase.__create_aia_ext()
The NSSDatabase.__create_aia_ext() has been added to generate the
authority info access extension config for __create_cert().
- - - - -
73cecf9b by Endi S. Dewata at 2022-05-18T15:36:34+01:00
Update PKISubsystem.temp_cert_create()
The PKISubsystem.temp_cert_create() has been modified to use JSS
(i.e. pki nss-cert-create) instead of NSS (i.e. certutil) to
generate a temporary SSL server cert since certutil is unable to
handle large serial numbers.
Resolves: https://github.com/dogtagpki/pki/issues/3996
- - - - -
f9ba9006 by Endi S. Dewata at 2022-05-18T18:48:23+01:00
Fix installation with RSA/PSS
The pki ca-cert-import and pki nss-cert-import CLIs have been
modified to parse the cert data after initializing JSS to ensure
that it works with RSA/PSS.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2083575
- - - - -
9a1be7c2 by Endi S. Dewata at 2022-05-18T18:48:23+01:00
Add test for installing CA with RSA/PSS
- - - - -
4b165d90 by Endi S. Dewata at 2022-05-18T18:48:23+01:00
Add doc for installing CA with RSA/PSS
- - - - -
3b5319a9 by Chris Kelley at 2022-06-09T15:41:49+01:00
Fix serial type in nss-cert-issue request in nssdb.py
The command expects a str input but we were providing numerical input.
We didn't notice before as this code path had no coverage, but now that we use
JSS instead of NSS for issuing temporary certs we have coverage of
this method, unearthing this issue.
- - - - -
44182da1 by Endi S. Dewata at 2022-06-09T16:49:37+01:00
Fix pki-lint script
Previously the pki-lint script relied on sysconfig.get_path()
to get the RPM installation path of PKI module. In Fedora 36
the method no longer returns the RPM installation path so the
Python test has failed.
To fix the problem the pki-lint script has been modified to
go through sys.path entries to find the PKI module installed
on the system.
https://docs.fedoraproject.org/en-US/fedora/f36/release-notes/developers/Development_Python/
- - - - -
6516145a by Endi S. Dewata at 2022-06-09T16:49:37+01:00
Fix pylint warnings in pki module
- - - - -
b04a896b by Endi S. Dewata at 2022-06-09T16:49:37+01:00
Fix pylint warnings in pki.cli.pkcs12 module
- - - - -
14aa546b by Endi S. Dewata at 2022-06-09T16:49:37+01:00
Fix pylint warnings in pki.nssdb module
- - - - -
f48d811b by Endi S. Dewata at 2022-06-09T16:49:37+01:00
Fix pylint warnings in pki.pkcs12 module
- - - - -
890be1b2 by Endi S. Dewata at 2022-06-09T16:49:37+01:00
Fix pylint warnings in pki.profile module
- - - - -
566ae017 by Endi S. Dewata at 2022-06-09T16:49:37+01:00
Fix pylint warnings in pki.server module
- - - - -
50e30beb by Endi S. Dewata at 2022-06-09T16:49:37+01:00
Fix pylint warnings in pki.server.cli.audit module
- - - - -
42320ad9 by Endi S. Dewata at 2022-06-09T16:49:37+01:00
Fix pylint warnings in pki.server.cli.banner module
- - - - -
e8e55915 by Endi S. Dewata at 2022-06-09T16:49:37+01:00
Fix pylint warnings in pki.server.cli.cert module
- - - - -
cfa7272c by Endi S. Dewata at 2022-06-09T16:49:37+01:00
Fix pylint warnings in pki.server.cli.nss module
- - - - -
8c7f1519 by Endi S. Dewata at 2022-06-09T16:49:37+01:00
Fix pylint warnings in pki.server.cli.nuxwdog module
- - - - -
3aed2e33 by Endi S. Dewata at 2022-06-09T16:49:37+01:00
Fix pylint warnings in pki.server.cli.subsystem module
- - - - -
a771a3f9 by Endi S. Dewata at 2022-06-09T16:49:38+01:00
Fix pylint warnings in pki.server.deployment module
- - - - -
096405cf by Endi S. Dewata at 2022-06-09T16:49:38+01:00
Fix pylint warnings in pki.server.deployment.pkihelper module
- - - - -
b9d3923b by Endi S. Dewata at 2022-06-09T16:49:38+01:00
Fix pylint warnings in pki.server.deployment.pkimanifest module
- - - - -
cacfbeaf by Endi S. Dewata at 2022-06-09T16:49:38+01:00
Fix pylint warnings in pki.server.deployment.pkiparser module
- - - - -
9ebd4524 by Endi S. Dewata at 2022-06-09T16:49:38+01:00
Fix pylint warnings in pki.server.deployment.scriptlets module
- - - - -
615cb9d0 by Endi S. Dewata at 2022-06-09T16:49:38+01:00
Fix pylint warnings in pki.server.instance module
- - - - -
67a4fd1b by Endi S. Dewata at 2022-06-09T16:49:38+01:00
Fix pylint warnings in pki.server.pkidestroy module
- - - - -
dd86f825 by Endi S. Dewata at 2022-06-09T16:49:38+01:00
Fix pylint warnings in pki.server.subsystem module
- - - - -
12e37d78 by Endi S. Dewata at 2022-06-09T16:49:38+01:00
Fix pylint warnings in pki.upgrade module
- - - - -
6b422915 by Endi S. Dewata at 2022-06-09T16:49:38+01:00
Fix pylint warnings in pki.util module
- - - - -
4ddf0e71 by Endi S. Dewata at 2022-06-09T16:49:38+01:00
Fix pylint warnings in upgrade scripts
- - - - -
ac24623d by Endi S. Dewata at 2022-06-09T17:20:20+01:00
Update OCSP test
The latest OpenSSL OCSP client generates additional error
messages when it talks to an OCSP responder that does not
have any CRLs. The OCSP test has been updated to expect the
extra messages.
- - - - -
dc5dec3a by Endi S. Dewata at 2022-06-15T08:38:44-05:00
Update IPA test
The IPA test has been updated to check the certs for DS, PKI,
and HTTPD.
- - - - -
b6cd80e3 by Chris Kelley at 2022-06-16T18:01:20+01:00
Fix incorrect record parsing in EnrollDefault
Some refactoring to improve the code caused a regression.
The original code is restored, with the exception of the unnecessary else clause.
- - - - -
08af82c8 by Endi S. Dewata at 2022-06-21T12:09:03-05:00
Fix missing SKI in CSR
The NSSCertRequestCLI has been modified to provide a public key
to the NSSExtensionGenerator such that it can be used to generate
an SKI extension for the CSR.
The NSSExtensionGenerator.createExtensions() has been extended
to support CSR (with subject key) and cert (with issuer and
request).
The NSSExtensionGenerator.createSKIDExtension() has been modified
to take a subject key instead of PKCS10 object.
The preop.cert.signing.subject_key_id config param is no longer
needed since the value is only used within the same process (i.e.
pkispawn) so it has been removed.
The CA test has been updated to validate pki_req_ski=DEFAULT. The
support for pki_req_ski=<hex> will be restored separately later.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2099312
- - - - -
58a397a0 by Endi S. Dewata at 2022-06-23T14:53:25-05:00
Restore support for custom SKI in CSR
The NSSExtensionGenerator.createSKIDExtension() has been updated
to support custom (user-provided) SKI.
The Python code has been updated to transform the hex value from
pki_req_ski into the format required by NSSExtensionGenerator.
The CA test has been updated to use pki_req_ski=<hex>, but for
now the result will need to be validated manually in the CI.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2099312
- - - - -
9a3e9e59 by Endi S. Dewata at 2022-06-28T11:17:01-05:00
Add error message for pki ca-profile-add
The pki ca-profile-add has been modified to display an error
message instead of generating an exception if the input file
does not exist.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2015151
- - - - -
d0d9cd91 by Endi S. Dewata at 2022-06-29T19:38:33-05:00
Update version number to 11.2.0
- - - - -
1d983970 by Chris Kelley at 2022-07-14T15:51:14+01:00
Disable access to external entities when parsing XML
This reduces the vulnerability of XML parsers to XXE (XML external
entity) injection.
The best way to prevent XXE is to stop using XML altogether, which we do
plan to do. Until that happens I consider it worthwhile to tighten the
security here though.
- - - - -
6beb1bd2 by Chris Kelley at 2022-08-04T06:48:51+01:00
Update version to 11.2.1
- - - - -
4 changed files:
- .classpath
- .copr/Makefile
- .github/workflows/acme-tests.yml
- .github/workflows/ca-tests.yml
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/freeipa-team/dogtag-pki/-/compare/56b5dcba10fc56797a00660b18d90dd4d762ff74...6beb1bd260c14868f6c5b761185016d0d6826e1a