pki.git/base/ca/shared, branch ticket-309 Unnamed repository; edit this file 'description' to name the repository. Enabled authentication for security domain REST interface. 2012-10-17T23:26:10+00:00 Endi Sukma Dewata edewata@redhat.com 2012-09-06T21:33:48+00:00 2e2a1ed2401a9b0130eb2b5218508f5c1fd569b1 The REST interface for security domain has been refactored and configured such that it requires authentication. A CLI has been added to get an installation token. Ticket #309 
The REST interface for security domain has been refactored and
configured such that it requires authentication. A CLI has been
added to get an installation token.

Ticket #309
Using RPM version number in CMake. 2012-10-01T18:15:44+00:00 Endi Sukma Dewata edewata@redhat.com 2012-09-30T17:21:46+00:00 f81718c563ea12240e161a807013acd2d6eb1f2e The RPM spec files have been modified to pass the full RPM version number to CMake. The version number contains the product version number, release number, milestone, and platform. The CMake scritps will parse and use this version number to generate Java manifest files. The product version number will be used as the specification version and full version number will be used as the implementation version. Ticket #339 
The RPM spec files have been modified to pass the full RPM version
number to CMake. The version number contains the product version
number, release number, milestone, and platform. The CMake scritps
will parse and use this version number to generate Java manifest
files. The product version number will be used as the specification
version and full version number will be used as the implementation
version.

Ticket #339
Audit Cert Renewal 2012-09-21T00:08:50+00:00 Matthew Harmsen mharmsen@redhat.com 2012-09-20T17:23:47+00:00 f5b8ea5b087f642a0208c228dce6f700cd7d91c1 * TRAC Ticket #333 - Increase audit cert renewal range to 2 years * Bugzilla Bug #843979 - Increase audit cert renewal range to 2 years 
* TRAC Ticket #333 - Increase audit cert renewal range to 2 years
* Bugzilla Bug #843979 - Increase audit cert renewal range to 2 years
Added common ROOT webapp. 2012-09-12T17:38:58+00:00 Endi Sukma Dewata edewata@redhat.com 2012-08-28T19:14:54+00:00 7c622a4e5714af8f83ce30022c970cc36c2ee597 The current ROOT webapp will redirect users coming to the root URL path to the proper path of the subsystem's webapp. Since now a single Tomcat instance may have multiple subsystems, a new ROOT webapp has been added to present the user with a menu of all available webapps from all subsystems in the instance. Ticket #89 
The current ROOT webapp will redirect users coming to the root
URL path to the proper path of the subsystem's webapp.

Since now a single Tomcat instance may have multiple subsystems,
a new ROOT webapp has been added to present the user with a menu
of all available webapps from all subsystems in the instance.

Ticket #89
Added proxy realm. 2012-09-05T15:09:41+00:00 Endi Sukma Dewata edewata@redhat.com 2012-08-21T22:38:29+00:00 8eb2eac080c2e9595b506f49f25d2c1718453bbc CMS engine is a singleton and it's used by PKI realm to authenticate users accessing the subsystem. Since a Tomcat instance may contain multiple subsystems, each having separate realm, the PKI JAR links need to be moved into WEB-INF/lib so that they will run inside separate class loaders. Tomcat also requires that the authenticator and realm classes be available in common/lib. To address this a new package pki-tomcat.jar has been added. The package contains the authenticator and a proxy realm. When the subsystems start running, they will register their own realms into the proxy realms such that the authentications will be forwarded to the appropriate subsystems. Ticket #89 
CMS engine is a singleton and it's used by PKI realm to authenticate
users accessing the subsystem. Since a Tomcat instance may contain
multiple subsystems, each having separate realm, the PKI JAR links
need to be moved into WEB-INF/lib so that they will run inside
separate class loaders.

Tomcat also requires that the authenticator and realm classes be
available in common/lib. To address this a new package pki-tomcat.jar
has been added. The package contains the authenticator and a proxy
realm. When the subsystems start running, they will register their
own realms into the proxy realms such that the authentications will
be forwarded to the appropriate subsystems.

Ticket #89
Enabled SSL authenticator and PKI realm. 2012-08-03T22:07:20+00:00 Endi Sukma Dewata edewata@redhat.com 2012-07-27T01:40:08+00:00 9ca367e9c16273af11909f4c72f9c5cf5ddb0b4d The SSL connection has been configured with clientAuth="want" so users can choose whether to provide a client certificate or username and password. The authentication and authorization will be handled by the SSL authenticator with fallback and PKI realm. New access control rules have been added for users, groups, and certs REST services. Ticket #107 
The SSL connection has been configured with clientAuth="want" so
users can choose whether to provide a client certificate or username
and password. The authentication and authorization will be handled
by the SSL authenticator with fallback and PKI realm. New access
control rules have been added for users, groups, and certs REST
services.

Ticket #107
Moved REST services into separate URLs. 2012-08-03T22:07:13+00:00 Endi Sukma Dewata edewata@redhat.com 2012-07-27T01:40:08+00:00 eca4d635e67eaf3c6878d35acfaaf11df53151e2 To support different access control configurations the REST services have been separated by roles. Services that don't need authentication will be available under /rest. Services that require agent rights will be available under /rest/agent. Services that require admin rights will be available under /rest/admin. Ticket #107 
To support different access control configurations the REST
services have been separated by roles. Services that don't
need authentication will be available under /rest. Services
that require agent rights will be available under /rest/agent.
Services that require admin rights will be available under
/rest/admin.

Ticket #107
ECC directory enrollment profile 2012-08-02T22:48:56+00:00 Andrew Wnuk awnuk@redhat.com 2012-08-02T22:48:56+00:00 1d85941aa2f80f3da619504fe4310fe47cb5b036 This patch adds ECC directory enrollment profile. Bug: 748514. 
This patch adds ECC directory enrollment profile.

Bug: 748514.
Replaced two bad "[PKI_SUBSYSTEM_DIR]" slot substitutions with original 2012-07-20T01:10:51+00:00 Matthew Harmsen mharmsen@redhat.com 2012-07-20T01:10:51+00:00 5ff8f1cc33678ff6188ee39114439353cd3007bf hard-coded "ca/" so that this code works with BOTH 'pkicreate' AND 'pkispawn'. 
hard-coded "ca/" so that this code works with BOTH 'pkicreate' AND 'pkispawn'.
PKI Deployment Scriptlets 2012-07-19T17:15:56+00:00 Matthew Harmsen mharmsen@redhat.com 2012-07-04T00:52:33+00:00 0ce6c97e4fe0e36786b78c273833b8f1dfbc12b4 * Integration of Tomcat 7 * Introduction of dependency upon tomcatjss 7.0 * Removal of http filtering configuration mechanisms * Introduction of additional slot substitution to support revised filesystem layout * Addition of 'pkiuser' uid:gid creation methods * Inclusion of per instance '*.profile' files * Introduction of configurable 'configurationRoot' parameter * Introduction of default configuration of 'log4j' mechanism (alee) * Modify web.xml to use new Application classes to bootstrap servers (alee) * Introduction of "Wrapper" logic to support Tomcat 6 --> Tomcat 7 API change (jmagne) * Added jython helper function to allow attaching a remote java debugger (e. g. - eclipse) 
* Integration of Tomcat 7
* Introduction of dependency upon tomcatjss 7.0
* Removal of http filtering configuration mechanisms
* Introduction of additional slot substitution to
  support revised filesystem layout
* Addition of 'pkiuser' uid:gid creation methods
* Inclusion of per instance '*.profile' files
* Introduction of configurable 'configurationRoot'
  parameter
* Introduction of default configuration of 'log4j'
  mechanism (alee)
* Modify web.xml to use new Application classes to
  bootstrap servers (alee)
* Introduction of "Wrapper" logic to support
  Tomcat 6 --> Tomcat 7 API change (jmagne)
* Added jython helper function to allow attaching
  a remote java debugger (e. g. - eclipse)