[Pkg-freeipa-devel] pki: Changes to 'debian-experimental'

Timo Aaltonen tjaalton-guest at alioth.debian.org
Tue Jul 3 09:49:32 UTC 2012


New branch 'debian-experimental' available with the following commits:
commit fc546c7ae8bd837e07baaf5798be66eb7644ea29
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date:   Tue Jul 3 12:47:17 2012 +0300

    control: Add junit4 to Build-Depends.

commit 9dd3ca068594cd0e4170e5e7be5025eed82c739a
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date:   Tue Jul 3 12:36:17 2012 +0300

    control: Add libhttpclient-java, libjavassist-java and libjettison-java to pki-common Depends.

commit 74c868cac633a4554385688e9993050ad018cb07
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date:   Tue Jul 3 12:20:30 2012 +0300

    Refresh debian-support.diff.

commit 034b276c6fd6a077d84a3167edb334bfcc06a0f0
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date:   Tue Jul 3 11:45:35 2012 +0300

    drop get-rid-of-osutil.diff, update the changelog

commit 05b763b9e486551d8c7a091be06b650fb518622c
Merge: 89c88b6 5c93ef1
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date:   Tue Jul 3 11:24:33 2012 +0300

    Merge branch 'debian-unstable' into debian-experimental

commit 89c88b6885333be811f4d7f080933951d232fd3a
Merge: 0f3451b bde3a10
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date:   Tue Jul 3 11:24:30 2012 +0300

    Merge branch 'upstream-unstable' into debian-experimental

commit 0f3451befbc14bd6ec29d9e1e3845f970f288653
Author: Abhishek Koneru <akoneru at redhat.com>
Date:   Tue Jun 26 15:37:15 2012 -0400

    LeftOver Cases in Resource Leaks and NULL_RETURNS

commit 10502e34a10fb3b672aef1161cc271003c7806ba
Author: Abhishek Koneru <akoneru at redhat.com>
Date:   Wed Jun 27 14:27:55 2012 -0400

    Fixes for Guarded_By_Violation issues shown in Coverity

commit d2b06ee1f9fcc42be83f04f64559cfa6317bda67
Author: Abhishek Koneru <akoneru at redhat.com>
Date:   Fri Jun 22 17:25:32 2012 -0400

    Fix for handling null object value passed to DBAttrMapper as part of Coverity fix for Forward NULL cases in DogTag 10.

commit eb4b46f25ca8dec8ac79c26cfb02e8918000c88e
Author: Abhishek Koneru <akoneru at redhat.com>
Date:   Thu Jun 21 09:44:15 2012 -0400

    Fixes for Forward Null Cases in Coverity for DogTag10
    
    Addressed review comments.

commit 1eba8264adbe42115caac4db655d450a99791ceb
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Thu Jun 7 03:16:37 2012 -0500

    Added REST error handler.
    
    A new getEntity() method has been added to obtain the entity from
    a Response object and also map HTTP errors into exceptions.
    
    Ticket #161

commit 4ccfcebe532b97607cfab406a1fa900070573f24
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Mon Jun 18 18:51:51 2012 -0500

    Fixed problem removing user certificate.
    
    Generally the user LDAP entry does not contain a seeAlso attribute
    unless it's a special database user. The UGSubsystem.removeUserCert()
    would fail because it tried to remove the seeAlso attribute. Now the
    code has been fixed to remove the seeAlso using a separate modify
    operation and ignore the error if it fails due to missing attribute.
    
    Ticket #182

commit 8a8436f73d4c4edd10b43313b724f32ccb7b957e
Author: Abhishek Koneru <akoneru at redhat.com>
Date:   Wed Jun 20 13:56:57 2012 -0400

    Fixes for Coverity issues of type Resource Leaks - Remaining

commit de3aaef15e9b1f192344019f52d6c80860055b5e
Author: Abhishek Koneru <akoneru at redhat.com>
Date:   Mon Jun 18 14:08:21 2012 -0400

    Fixes for Resource Leaks shown in Coverity for DogTag 10

commit 3153fa5ba15d402b4729a649737d02eead5a5064
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Fri Jun 15 03:09:57 2012 -0500

    Fixed equals() and hashCode() in X500Name and RDN.
    
    The X500Name and RDN have been modified to fix the incorrect method
    signature for equals() and the missing hashCode().
    
    Ticket #206

commit d5d0b91bc5597eec19520cee74569e9ddacc2090
Author: Abhishek Koneru <akoneru at redhat.com>
Date:   Fri Jun 15 10:28:40 2012 -0400

    Fixes for Coverity Issues of type Null Returns - Part 3

commit 4880d86856d183d4ba3fb0291519353ac238af5d
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Fri Jun 15 09:58:40 2012 -0500

    Fixed null pointer exception in pkisilent on connection error.
    
    Previously HTTPClient.sslConnect() would return a null if there is
    a connection issue. Some code in pkisilent did not check the return
    value properly so it would throw an exception. The sslConnect() has
    been modified to throw an exception instead.
    
    Ticket #180

commit 10326ad4fe1b3db620f43feb3f47c4fd008f3f33
Author: Abhishek Koneru <akoneru at redhat.com>
Date:   Mon Jun 11 16:21:26 2012 -0400

    Fixes for Coverity issues of type Stringbuffer, NO_EQUALS_METHOD, REVERSE_INULL, Wrong_Map_Iterators

commit c53ca291e21761f1de5417ef596afba395a7f5d1
Author: Abhishek Koneru <akoneru at redhat.com>
Date:   Wed Jun 6 16:55:54 2012 -0400

    Fixes for NULL_RETURNS Coverity Issues - Part 2

commit 084a8cd360c7508febde06415d727d7d247b16ad
Author: Abhishek Koneru <akoneru at redhat.com>
Date:   Tue Jun 5 15:14:04 2012 -0400

    Minor Fix In a CertificateInfo class

commit 4a012010233b0a5fd613c9d7734ee01be64e3834
Author: Abhishek Koneru <akoneru at redhat.com>
Date:   Tue Jun 5 12:16:51 2012 -0400

    Fixes for NULL_RETURN cases review comments

commit c2128339ba046ceb7ab32954ae07dbb4b41d4e73
Author: Abhishek Koneru <akoneru at redhat.com>
Date:   Thu May 31 17:04:47 2012 -0400

    Fixes for Null_Returns Cases - 1 For Commit

commit 500fe4441a5d458818138cc9b536c3b19ac23dc8
Author: Abhishek Koneru <akoneru at redhat.com>
Date:   Tue May 29 14:53:35 2012 -0400

    Patch with fixes for review comments 0529

commit 2588e04ce15d8ce932900cb7b5d75e894082db46
Author: Abhishek Koneru <akoneru at redhat.com>
Date:   Thu May 24 16:11:53 2012 -0400

    Fixes for Coverity Issues CALL_SUPER, UNCONFIRMEDCAST, DEAD_STORE, TOSTRING_ARRAY

commit b6967b3b2b850e4158bd1fb6cee418e714053e30
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Sat May 19 11:19:07 2012 -0500

    Added group CLI.
    
    This patch provides a tool to manage groups and group members via
    command line.
    
    Ticket #160

commit afa68fa3c69d1617a312f1f2f75f7e6c27bb06c7
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Sat May 19 11:12:12 2012 -0500

    Added group REST service.
    
    The group REST service is based on UsrGrpAdminServlet. It provides an interface
    to manage groups and group members.
    
    Ticket #160

commit 770cc205a0108be22922c46a39d162dc31c55724
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Sat May 19 11:16:53 2012 -0500

    Added user CLI.
    
    The user CLI provides a tool to manage users and user certificates.
    
    Ticket #160

commit ae03c6bdf570cb36a1b139aeb0e467081665459e
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Sat May 19 11:05:20 2012 -0500

    Added user REST service.
    
    The user REST service is based on UsrGrpAdminServlet. It provides an interface
    to manage users and user certificates.
    
    Ticket #160

commit 83bca19f80ea0deef4034e80a559ffa88da44a1a
Author: Andrew Wnuk <awnuk at redhat.com>
Date:   Wed May 30 14:03:51 2012 -0700

    PerLDAP workaround
    
    Ticket #373
    
    This fix just appends a dummy value to the array, which consumes the error 53.
    Patch provided by mreynolds.

commit dea08dd220858fa067d1975dc82e5b182351d276
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Thu May 24 17:48:41 2012 -0500

    Refactored AdminServlet.
    
    The AdminServlet has been modified to use the new Auditor service.
    
    Ticket #160

commit 74ec77c4d2b22fbafb86a3252c72b1999f1d3ecb
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Sat May 19 10:52:07 2012 -0500

    Added Auditor service.
    
    A new Auditor service has been added to replace the audit service that was
    previously only available to subclasses of AdminServlet. The new service
    can be used by other components including REST services. The AdminServlet
    will be modified to use the Auditor service separately.
    
    Ticket #160

commit 2408c5ee1bc64667b5d08be17386d27936174860
Author: Christina Fu <cfu at redhat.com>
Date:   Sun May 27 15:12:44 2012 -0700

    Bug 823618 - TPS installation wizard (ECC): admin certificate panel needs to support ECC
    This patch allows TPS administrators to enroll for EC cert during installation wizard.  It follows the same implementation as the Java subsystems and defaults to nistp256

commit 4a263b8db27208413acd0f038ea67629d5ee27bb
Author: Matthew Harmsen <mharmsen at redhat.com>
Date:   Wed May 23 18:59:06 2012 -0700

    PKI Deployment Scriptlets
    
    * Integration of Tomcat 7
    * Addition of centralized 'pki-tomcatd' systemd functionality to the
      PKI Deployment strategy
    * Removal of 'pki_flavor' attribute

commit 2408bec41a56378fcf942a68a1ab290464c001d7
Author: Abhishek Koneru <akoneru at redhat.com>
Date:   Wed May 23 13:46:25 2012 -0400

    Patch for fixes for Review Comments

commit be23c86db27b7f66ca16a10ae3ef3f043d1d4b27
Author: Abhishek Koneru <akoneru at redhat.com>
Date:   Fri May 18 17:59:50 2012 -0400

    Fixes for Coverity Defects of Category : FB.SBSC_USE_STRINGBUFFER_CONCATENATION --Remaining

commit 9db76ed1d1f8969e93aaff320e49662f53688e2e
Author: Abhishek Koneru <akoneru at redhat.com>
Date:   Fri May 18 16:12:17 2012 -0400

    Fixes for Coverity Defects of Category : FB.SBSC_USE_STRINGBUFFER_CONCATENATION

commit a4db0f39e257950a5c89203452c1184c7080e5bd
Author: Abhishek Koneru <akoneru at redhat.com>
Date:   Fri May 18 13:17:34 2012 -0400

    Fixes for Coverity Defects of Category : FB.DM_NUMBER_CTOR, FB.DM_STRING_CTOR, FB.DM_STRING_VOID_CTOR

commit 307199314968b85059de62fbb694bd62b2502f46
Author: Abhishek Koneru <akoneru at redhat.com>
Date:   Fri May 18 12:18:11 2012 -0400

    Fixes for Coverity Defects of Category : FB.DM_BOOLEAN_CTOR

commit a6fca9587905f455c4b0306b02d77334a295305e
Author: Abhishek Koneru <akoneru at redhat.com>
Date:   Fri May 18 11:44:45 2012 -0400

    Fixes for Coverity Defects of Category : FB.BC_VACUOUS_INSTANCEOF

commit 739c50ee20704128e0bf4605ba7ca392d95070a2
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Fri May 18 18:05:36 2012 -0500

    Added script to link JSS library.
    
    The JSS library uses different paths on 32-bit and 64-bit platforms.
    A script has been added to create a symbolic link such that Eclipse
    can use the library without changing the classpath file. The script
    could be extended further to simplify setting up the development
    environment such as installing the dependencies.
    
    Ticket #171

commit 924403a14e92112c3c3d696319759b65eb57a30c
Author: Matthew Harmsen <mharmsen at redhat.com>
Date:   Fri May 18 10:52:06 2012 -0700

    PKI Deployment Scriptlets
    
    * Introduced concept of "admin-domain" originally as a
      separate folder, and later incorporated this concept
      into an optional instance prefix
    * Revised definition of <pki_instance_id> to be identified
      as "[<pki_admin_domain_name>-]<pki_instance_name>"
    * Changed NSS security database model from one shared
      database by BOTH a single Tomcat AND single Apache instance
      into one per Tomcat instance (shared by CA/KRA/OCSP/TKS) and
      one per Apache instance (shared by RA/TPS)
    * Altered Configuration 'scriptlet' to invoke Jython for
      access to new Java configuration servlet
    * Renamed various "scriptlets" to comply with this new layout
    * Re-aligned code to account for revised layout documented at
      http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment

commit 488480629da8cd7c7263fab9773ef5860ad12947
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Mon May 14 14:50:54 2012 -0500

    Fixed missing httpcore.jar.
    
    The base/common/src/CMakeLists.txt has been fixed to include
    httpcore.jar in the class path.

commit b0bca63ac46e079e3a21ed1c4d6fd532966568d0
Author: Jack Magne <jmagne at dhcp-32-224.sjc.redhat.com>
Date:   Sun Apr 29 19:44:56 2012 -0700

    Provide CA EE Restful interface and test client.
    
    Tickets #144 and #145
    Providing the following:
    
    1. Simple EE restful interface for certificates, printing, listing and searching.
    2. Simple EE restful interface for certificate enrollment requests.
    3. Simple EE restful interface for profiles and profile properties.
    4. Simple Test client to exercise the functionality.
    5. Created restful client base class inherited by CARestClient and DRMRestClient.
    6. Provide simple restful implementations of new interfaces added.
    
    TODO: Need some more refactoring to base classes for some of the new classes which are similar to classes
    in the DRM restful area.
    TODO: Actual certificate enrollment code that will be refactored from existing ProfileSubmitServlet.
    
    Provide CA EE Restful interface and test client review fixes.

commit 391d345b5a6a1a905e3db4105a65dd4fdd0d19a9
Author: Matthew Harmsen <mharmsen at redhat.com>
Date:   Fri May 4 20:29:35 2012 -0700

    PKI Deployment Scriptlets
    
    * Re-aligned code to account for revised layout documented at
      http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment
    * Massaged logic to comply with PKI subsystem running within
      a shared instance
    * Developed code to take advantage of a single shared NSS security
      database model
    * Completed the following two 'scriptlets':
      * Dogtag 10: Python 'slot_assignment.py' Installation Scriptlet
        (https://fedorahosted.org/pki/ticket/146)
      * Dogtag 10: Python 'security_databases.py' Installation Scriptlet
        (https://fedorahosted.org/pki/ticket/136)
    * Created several additional PKI deployment helper utilities.

commit 9ad4d60592fdc37ae89672c29859b8463e183718
Author: Ade Lee <alee at redhat.com>
Date:   Mon May 7 11:14:30 2012 -0400

    BZ 819111 - non existent container ou=cmsusers breaks replication
    
    Added code to create container on master if it does not exist.

commit a1ef21445638aadd9d0f2b58000b11bd1ecb58f3
Author: Jack Magne <jmagne at dhcp-32-224.sjc.redhat.com>
Date:   Wed Apr 25 13:49:19 2012 -0700

    JNDI realm enhancement to handle multiple entry ACLs.
    
    Currently the realm only returns the last acl result in a multiple entry ACL. Since most of them only have one entry, this is mostly ok. This simple fix allows the code to handle multiple entries correctly.
    
    Ticket #123.

commit ac2dcb4573ad33f927c5dae49a6bd473592083c0
Author: Ade Lee <alee at redhat.com>
Date:   Fri May 4 13:43:10 2012 -0400

    Added dogtag doap

commit 786ebf45b0aae29323de68e6b40856b8799c6a20
Author: Christina Fu <cfu at redhat.com>
Date:   Wed May 2 16:02:02 2012 -0700

    Bug 744207 - Key archival fails when KRA is configured with lunasa
      - The real fix is in JSS alone;  This patch only adds better error handling and non-static salt.

commit 29f10d8050e2e401780ec4642f9ea1a4837b4a2d
Author: Ade Lee <alee at redhat.com>
Date:   Mon Apr 30 13:30:34 2012 -0400

    Removed obsolete installation servlets

commit 9aea1e939f6357eadf777c72ae3ef43275829427
Author: Ade Lee <alee at redhat.com>
Date:   Thu Apr 26 23:48:43 2012 -0400

    Refactor installation servlets to use common code in ConfigurationUtils
    
    Ticket #156

commit fbf472de7a4eb3d141c32821a417ec5331b53c97
Author: Christina Fu <cfu at redhat.com>
Date:   Tue May 1 16:49:07 2012 -0700

    Bug 640046 - TPS installation wizard: unsupported module not logged in with password in password.conf
    The issue was missing code to log into unsupported token that was not logged in.
    The patch added the code to allow login to unsupported token.

commit 80aff97bedf8c2ee5f58209f36f18ebbc475ccb1
Author: Ade Lee <alee at redhat.com>
Date:   Fri Apr 13 13:51:32 2012 -0400

    RESTful servlet to configure system in a single servlet.
    
    Installation code common to the panels and the installation servlet are extracted to a
    ConfigurationUtils file.  The panel code will be cleaned up to use the code in this
    class in a later commit.
    
    Contains restful client and test driver code.  The test driver code should be modified
    and placed in a junit/system test framework.  Installation has been tested to work with
    the following installations: master CA, clone CA, KRA, OCSP, TKS, subordinate CA, CA
    signed by external CA (parts 1 and 2).
    
    Ticket #155

commit dd566ed3c64a69801a9edf3b27f11077aa40ecef
Author: Matthew Harmsen <mharmsen at redhat.com>
Date:   Mon Apr 23 13:39:04 2012 -0700

    PKI Deployment Scriptlets
    
    * Completed the following six 'scriptlets':
      * Dogtag 10: Python 'initialization.py' Installation Scriptlet
        (https://fedorahosted.org/pki/ticket/147)
      * Dogtag 10: Python 'instance_layout.py' Installation Scriptlet
        (https://fedorahosted.org/pki/ticket/75)
      * Dogtag 10: Python 'webserver_layout.py' Installation Scriptlet
        (https://fedorahosted.org/pki/ticket/140)
      * Dogtag 10: Python 'subsystem_layout.py' Installation Scriptlet
        (https://fedorahosted.org/pki/ticket/141)
      * Dogtag 10: Python 'war_explosion.py' Installation Scriptlet
        (https://fedorahosted.org/pki/ticket/76)
      * Dogtag 10: Python 'finalization.py' Installation Scriptlet
        (https://fedorahosted.org/pki/ticket/148)
    * Created numerous PKI deployment helper utilities.
    * Augmented logging to provide indentation.
    * Generated logic for installation 'manifest'.
    * Tested logic using '--dry_run' option and '-p' prefix options.
    * Per initial review, removed numerous "constants" and consolidated
      logic into "master" dictionary.
    * Corrected the following ticket:
      * Dogtag 10: Fix 'build_dogtag_pki' script to account for 'pki-deploy' RPM
        (https://fedorahosted.org/pki/ticket/138)
        Resolves Bugzilla Bug #810047 - build_dogtag_pki fails with requirements
        for pki-deploy
        (https://bugzilla.redhat.com/show_bug.cgi?id=810047)
    * Created the following three 'scriptlets' as 'NOT YET IMPLEMENTED'
      place-holders:
      * Dogtag 10: Python 'security_databases.py' Installation Scriptlet
        (https://fedorahosted.org/pki/ticket/136)
      * Dogtag 10: Python 'slot_assignment.py' Installation Scriptlet
        (https://fedorahosted.org/pki/ticket/146)
      * Dogtag 10: Python 'configuration.py' Configuration Scriptlet
        (https://fedorahosted.org/pki/ticket/137)

commit 7741dd4a44f87012974e9849d35f1df0d56929c2
Author: Jack Magne <jmagne at dhcp-32-224.sjc.redhat.com>
Date:   Wed Apr 25 10:38:13 2012 -0700

    Fix DRMRestClient SSL connection implementation.
    
        Simple fix to get the DRMRestClient working under SSL again.
        Ticket #163.

commit c06433455e4b9f473415c198d9688927aaa93db6
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Wed Mar 28 12:46:13 2012 -0500

    Replaced key status update thread with executor service.
    
    The Thread.stop() is deprecated, so the key status update thread is now
    implemented with executor service to allow stopping the task gracefully.
    
    Ticket #3

commit 1eee69dddecd41703252d958a3bc1e5d08a21cd3
Author: Ade Lee <alee at redhat.com>
Date:   Mon Apr 16 16:17:25 2012 -0400

    BZ 813075 - added selinux rule for file size access

commit a037c056e49ef89aad93caa3b19ebb2faa8f4e83
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Fri Mar 30 13:46:25 2012 -0500

    Configured Eclipse to clean up on save.
    
    Eclipse has been configured to do the following on save:
    - organize imports
    - remove unused imports
    - remove unnecessary casts
    - remove trailing white spaces on all lines
    
    These settings can be configured in PKI Project -> Properties ->
    Java Editor -> Save Actions.
    
    Ticket #134

commit 813611daa2f55b8d0bd0abc562ce7fddbb2d9322
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Mon Apr 9 17:36:50 2012 -0500

    Removed deprecated resources.
    
    Some exceptions used deprecated resource class names as the bundle name,
    they have been replaced with string constants. The deprecated resource
    classes are no longer used, so they have been removed.
    
    Ticket #3

commit 7d88f4ee050856b8fef5f260cfe1b3aeec201fda
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Mon Apr 9 13:56:59 2012 -0500

    Removed unused private fields.
    
    Most of the unused private fields have been removed because they generate
    warnings in Eclipse. Some are kept because they might be useful later.
    
    Ticket #139

commit 3f24e55923fc986af4c6a08b2b8d45704a905627
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Thu Apr 5 15:08:18 2012 -0500

    Removed unnecessary type casts.
    
    Unnecessary type casts have been removed using Eclipse Quick Fix.
    
    Ticket #134

commit 7c7b9d023cd466c1771068badc020dab36beb553
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Thu Apr 5 14:49:11 2012 -0500

    Removed whitespaces from Java code.
    
    Whitespaces in Java code have been removed with the following command:
    
      find . -not -path .git -name *.java -exec sed -i 's/[[:blank:]]\+$//' {} \;
    
    Ticket #134

commit da1e6e2f49f66fd46c8039ff1aa4386309fba8f4
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Thu Mar 29 13:35:00 2012 -0500

    Removed deprecated Signer.
    
    The X500Signer has been modified to become an independent class.
    It's no longer a subclass of the deprecated Signer class.
    
    Ticket #3

commit 6a0047a5874c4e31b1994e0589b8f8a4007a31e9
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Fri Mar 30 14:18:21 2012 -0500

    Ignored VelocityServlet deprecation warnings.
    
    The VelocityServlet is deprecated but the replacement is not available
    in Fedora, so the warnings are ignored for now.
    
    Ticket #133

commit aaa9e554b6bfbcc315bab57651c0a017ce6adc4a
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Fri Mar 30 12:36:37 2012 -0500

    Undeprecated IRequest.asIAttrSet().
    
    The IRequest.asIAttrSet() is necessary and there is no replacement
    so it has been undeprecated.
    
    Ticket #3

commit 5609063edc813c278de130c8cbe54d6f700d5290
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Wed Mar 28 17:57:12 2012 -0500

    Replaced deprecated LDAPVirtualListResponse.parseResponse().
    
    The VLV control can be obtained directly from the list of response
    controls by checking its type.
    
    Ticket #3

commit 59fc17a56117020dc3ce6ca42993f5eedbb6ae09
Author: Christina Fu <cfu at redhat.com>
Date:   Thu Apr 5 17:39:51 2012 -0700

    pki-ui changes for Bug 745278 - [RFE] ECC encryption keys cannot be archived

commit 762f9674a0bd054dc81c8891fbb281b177a5f403
Author: Christina Fu <cfu at redhat.com>
Date:   Thu Apr 5 14:51:21 2012 -0700

    spec files for Bug 745278 - [RFE] ECC encryption keys cannot be archived

commit db4f081db1ea6eb38c185b34b118ed73c6a2b67d
Author: Christina Fu <cfu at redhat.com>
Date:   Thu Apr 5 13:37:01 2012 -0700

    Fix for Bug 745278 - [RFE] ECC encryption keys cannot be archived.
    
    For the ECC plan and the different phases, please refer to
    http://pki.fedoraproject.org/wiki/ECC_in_Dogtag
    Design for each phase is on the same wiki page.
    Note: the designs beyond phase 2 were more like a brain dump.  Although I said
    "Do Not Review," you are free to take a peek at what's intended down the road.
    I will go back and take a closer look and refine/adjust the designs when I
    begin implementation for each new phase.
    What you need to know:
    
    * Problem 1 - nethsm issue:
    On the server side, if you turn on FIPS mode, in addition to nethsm, you need
    to attach certicom as well to have ECC SSL working on the server side. This
    problem has already been reported to Thales last year and they said they'd look
    into putting the item on their next release.  Recently through a different
    contact, we learned there might be a way to "turn it on" (still waiting for
    their further instruction)
    
    * Problem 2 - Certicom issue:
      This is a show-stopper for deployment.  Initially, on the client side, I used Kai's special
    version of Xulrunner/Firefox, attached to Certicom token, so that the CRMF
    requests can be generated with key archival option.  However, I encountered
    (or, re-encountered) an issue with certicom token.  Certicom generates ECC keys
    with the wrong format (not PKCS7 conforming), which makes ECC key archival
    impossible on the server side if you use non-certicom token with DRM (but we
    expect an HSM in most product deployment).  I have contacted Certicom for this
    issue, and they confirmed that they indeed have such issue.  We are hoping they will fix it.
    
    But then you might ask, "I thought I saw some ECC enrollment
    profiles/javascripts being checked in?  How were the tests done?" The tests for
    those profiles were done against this ECC key archival/recovery DRM prototype I
    implemented last year (needs to be turned on manually in 8.1), where I
    "cheated" (yeah, that's why it's called a prototype) by decrypting the private
    key in the CRMF on DRM, and then manipulating the byte array to strip off the
    offending bytes before archival.
    In the real, non-prototype implementation, which is what's in this patch, for
    security reasons, private keys are unwrapped directly onto the token during key
    archival, so there is no way to manipulate the keys in memory and bypass the
    Certicom issue.
    
    A word about Kai's special version of Xulrunner/Firefox.  It is not yet
    publicly available (due out in Firefox 10.0.4 on RHEL 5.8).
    
    * Problem 3 - Firefox with nethsm issue:
    Another option was to connect Kai's special version firefox with an HSM to test
    my DRM/JSS code.  However, for whatever reason, I could not get SSL going
    between such Firefox and ECC CA (I did not try very hard though, as I have one
    other option -- writing my own ECC CRMF generation tool.  I might come back to
    try the nethsm Firefox idea later)
    
    My solution (how I work on this official implementation):
    * I hacked up an ECC CRMF tool by taking the CRMFPopClient (existing in current
    releases), gutting out the RSA part of the code, and replacing it with ECC
    code.  I call it CRMFPopClientEC.  Two types of ECC key pairs could be
    generated: ECDSA or ECDH (That's another benefit of writing my own tool -- I
    don't know if you can select which type to generate in the Javascript... maybe
    you can, I just don't know).  I'm in no way condoning archival of signing
    keys!!  This is just a test tool.
    This tool takes a curve name as option (along with others), generates an ECC
    key pair, crafts up a CRMF request with key archival option, and sends request
    directly to the specified CA.  You will see a "Deferred" message in the HTML
    response (see attachment for example)
    Once CA agent approves the request, the archival request goes to DRM and the
    user private key is archived.
    For recovery, DRM agent selects key recovery, etc, and you get your pkcs12.
    
    I did some sanity test with the pkcs12 recovered:
    * Import the recovered pkcs12 into a certicom library:
    pk12util -d . -h "Certicom FIPS Cert/Key Services" -i userEC.p12
    
    I also tested by retrieving a p12, importing it into a browser, and adding the
    user as an agent and the user could act as agent via ssl client auth to the CA.
    
    Finally, much of the RSA-centric code had been cleared out of the way at the
    time when I worked on the DRM ECC prototype, so you don't see much of that in
    this round.
    
    How do you test? Well, unless you want to use my CRMFPopClientEC tool hooked up
    with a nethsm (like I did), or write your own tool, you can't really test it
    until Certicom fixes their issue. (BTW CRMFPopClientEC can also be changed to
    work with certicom, although you would run into the same issue I mentioned
    above)

commit a37d66662a859bd706f449edddc3ae715ee2d520
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Wed Mar 28 00:02:21 2012 -0500

    Replaced deprecated ApacheHttpClientExecutor.
    
    The deprecated ApacheHttpClientExecutor class has been replaced with
    ApacheHttpClient4Executor.
    
    Ticket #3

commit 0b39b68e4e72cbcf0f4d28488d54ce06117efa9c
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Thu Mar 1 19:58:34 2012 -0600

    Added CMSException.
    
    The CMSException was added to simplify error handling in REST services.
    The exception may include an error message and some other attributes.
    When the server throws a CMSException (or its subclass), the exception
    will be marshalled into XML and unmarshalled by the client, then thrown
    again as a new exception which can be caught by the application.
    
    Ticket #100

commit 70fdf22f76494a84b6cbef10598ed897a48f0798
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Wed Mar 28 18:29:19 2012 -0500

    Replaced deprecated PK11PubKey.fromRaw().
    
    The deprecated fromRaw() method in PK11PubKey has been replaced
    with fromSPKI().
    
    Ticket #3

commit c7437995ea2b9d1a67f73cce8b5705b7e77ac7ab
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Wed Mar 28 18:12:40 2012 -0500

    Replaced deprecated RevRequest constructor.
    
    The deprecated RevRequest constructor has been replaced with
    another constructor with null invalidity date.
    
    Ticket #3

commit 92ccc4c36ce840650f28f4b8edb3cbb5bb1d265c
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Wed Mar 28 12:01:34 2012 -0500

    Replaced deprecated LDAPConnection.authenticate().
    
    The deprecated authenticate() method in LDAPConnection has been
    replaced with another authenticate() method with different signature.
    
    Ticket #3

commit 11c7985988eb1bf2fc979cc38094b794a814e2a4
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Tue Mar 27 12:09:05 2012 -0500

    Replaced Candlepin with RESTEasy.
    
    Previously the code depends on the old RESTEasy libraries provided by
    Candlepin package. Now the Eclipse classpath, build/setup scripts, and
    the spec file have been updated to use the libraries provided by the
    new RESTEasy package.
    
    Ticket #29

commit 1c8437891cdfe5580e09c495f79d81334ed0c2c0
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Wed Mar 28 00:36:32 2012 -0500

    Replaced deprecated AlgorithmId.getAlgorithmId().
    
    The deprecated getAlgorithmId() method in AlgorithmId has been replaced
    with get().
    
    Ticket #3

commit e744c37ab1510f87ed4b5b3eafeb3758f1d0e30f
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Wed Mar 28 00:20:42 2012 -0500

    Replaced deprecated JTable.createScrollPaneForTable().
    
    The deprecated createScrollPaneForTable() method in JTable() has been
    replaced with JScrollPane() constructor.
    
    Ticket #3

commit 3b65ec9bbf7fcfb69d5a9b0d59148a587cd32c49
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Tue Mar 27 02:10:00 2012 -0500

    Replaced deprecated Dialog.show().
    
    The deprecated show() method in Dialog has been replaced with setVisible().
    
    Ticket #3

commit 176905c3cf27a3ca295921f33d1be956397d4117
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Tue Mar 27 02:04:49 2012 -0500

    Replaced deprecated JPasswordField.getText().
    
    The deprecated getText() method in JPasswordField has been replaced
    with getPassword().
    
    Ticket #3

commit 018467598ec9d771daacae70b5397ad568b2ca80
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Mon Mar 26 21:43:20 2012 -0500

    Replaced deprecated DataInputStream.readLine().
    
    The deprecated readLine() method in DataInputStream has been replaced
    by the same method in BufferedReader.
    
    Ticket #3

commit 2ad71e6dab29ca5ed8362fe7cb672325884aaec5
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Mon Mar 26 00:48:11 2012 -0500

    Replaced deprecated XMLSerializer.
    
    The deprecated XMLSerializer has been replaced with LSSerializer.
    The new API does not provide a way to control the indentation or
    line width.
    
    Ticket #3

commit 78378144e71a00a67690a1f99152402c892b0103
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Fri Mar 23 10:44:33 2012 -0500

    Added option to build without Javadoc.
    
    The build scripts have been modified to provide an option to build
    without Javadoc to speed up development builds. The option can be
    used as follows:
    
      compose_pki_core_packages --without-javadoc hybrid_rpms
    
    Ticket #111

commit 621d9e5c413e561293d7484b93882d985b3fe15f
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Sat Mar 24 02:27:47 2012 -0500

    Removed unnecessary pki folder.
    
    Previously the source code was located inside a pki folder.
    This folder was created during svn migration and is no longer
    needed. This folder has now been removed and the contents have
    been moved up one level.
    
    Ticket #131

commit 40d3643b8d91886bf210aa27f711731c81a11e49
Author: Ade Lee <alee at redhat.com>
Date:   Fri Mar 23 16:19:59 2012 -0400

    Added policy deprecations
    
    Many of the policy deprecation warnings come from classes that probably ought to
    be deprecated as part of the deprecated policy framework as well.  Marking these
    as deprecated removes the deprecation warnings - and we can really see where
    we make use of deprecated policy code elsewhere.
    
    Also removed some URLEncoder, Decoder deprecations

commit 154c2954b7986299840746e98ae7a23199cc35b9
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Wed Mar 14 14:36:25 2012 -0500

    Removed unused variables (part 2).
    
    This patch brings down the warnings from 1943 to 1221.
    
    Ticket #103

commit 9513af54d56955734a58561a6753b0aafc83c162
Author: Ade Lee <alee at redhat.com>
Date:   Wed Mar 21 23:25:29 2012 -0400

    Allow clones to specify master and replica ports and security options
    
    Removed -clone_start_tls option and subsumed it into -replicationSecurity.
    Refactored DatabasePanel parameter verification code to allow it to be
    used in both update() and validate().  Added new parameters to pkisilent
    and databasepanel.vm.
    
    Also fixed cloning error when master uses localhost.

commit 2b99f63796fb8513c96d04f25dec608d8483763d
Author: Ade Lee <alee at redhat.com>
Date:   Thu Mar 22 22:51:56 2012 -0400

    Replace URLEncoder.encode with non-deprecated form in pkisilent
    
    Removed some obsolete files.

commit e168d790c3e797e0dc0f94e3496636a52e935b4f
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Mon Mar 19 13:13:05 2012 -0500

    Removed unused SystemIdentity and SystemSigner.
    
    The SystemIdentity and SystemSigner classes have been removed
    because they are based on deprecated classes and are not used
    anywhere in the code.
    
    Ticket #3

commit 7e6da86e37c4dc60ed537316f6bc0dee76a3d6dc
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Mon Mar 19 12:38:20 2012 -0500

    Replaced deprecated Date API.
    
    The deprecated Date(year, month, date) constructor has been replaced
    with Calendar API. There are similar Date constructors in JavaScript
    but those are not deprecated and should not be replaced.
    
    Ticket #3

commit 29629861abfc92ce754a99fcee6c2df6febf7387
Author: Ade Lee <alee at redhat.com>
Date:   Fri Mar 16 13:20:38 2012 -0400

    BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changes
    
    Tomcat6 has changed the location of the TOMCAT_LOG, and
    it should no longer point to catalina.out.  This initially caused
    dogtag to break because the code to chown TOMCAT_LOG to TOMCAT_USER
    was removed.  Added code to spec file to fix existing instances.
    
    Also fixed error in spec file.  Incorrect selinux patch was being
    applied for f17.

commit c33e9dca5de7cffc0960838812dcd06854ef38c6
Author: Matthew Harmsen <mharmsen at redhat.com>
Date:   Wed Mar 14 19:35:06 2012 -0700

    Removed extraneous 'endif'

commit 4f7ada50dc59c5d2c2a61da6cf245b5bdea9a6f4
Author: Matthew Harmsen <mharmsen at redhat.com>
Date:   Wed Mar 14 13:44:47 2012 -0700

    Corrected 'junit' dependency check

commit 5c613fcb2323cb477ac6d4518a73fc4a810c2b3f
Author: Endi Sukma Dewata <edewata at redhat.com>
Date:   Wed Mar 14 12:51:23 2012 -0500

    Escape parameter values in search filter.
    
    The REST interface was vulnerable to injection attack. This has
    been fixed by escaping the special characters in parameter values
    before using them in the search filter.
    


