pki.git/base/ca, branch direct-deployment Unnamed repository; edit this file 'description' to name the repository. Deploying webapps from shared folder. 2013-02-06T00:57:38+00:00 Endi Sukma Dewata edewata@redhat.com 2013-02-06T00:57:38+00:00 8011267258e6d04af15f0b5cdacc939fb11a81f8 






Rearranged context.xml.
2013-02-05T22:29:01+00:00

Endi Sukma Dewata
edewata@redhat.com

2013-02-05T22:13:22+00:00

991577dd40bbb18613893362783d0cd06cbdce79

Previously the context.xml files are deployed into META-INF folders
in each webapps. They now have been moved into <instance>/conf/
Catalina/localhost/<subsystem>.xml to allow further clean-up.





Previously the context.xml files are deployed into META-INF folders
in each webapps. They now have been moved into <instance>/conf/
Catalina/localhost/<subsystem>.xml to allow further clean-up.







Session-based nonces.
2013-02-04T17:06:40+00:00

Endi Sukma Dewata
edewata@redhat.com

2013-01-23T18:10:52+00:00

6259ba064f4c17b7f6891fcb61501103348936be

Previously nonces were stored in a global map which might not scale
well due to some issues:
1. The map uses the nonces as map keys. There were possible nonce
   collisions which required special handling.
2. The collision handling code was not thread safe. There were
   possible race conditions during concurrent modifications.
3. The map was shared and size limited. If there were a lot of
   users using the system, valid nonces could get pruned.
4. The map maps the nonces to client certificates. This limits
   the possible authentication methods that can be supported.

Now the code has been modified such that each user has a private map
in the user's session to store the nonces. Additional locking has been
implemented to protect against concurrent modifications. The map now
uses the target of the operation as the map key, eliminating possible
collisions and allowing the use of other authentication methods. Since
this is a private map, it's not affected by the number of users using
the system.

Ticket #474





Previously nonces were stored in a global map which might not scale
well due to some issues:
1. The map uses the nonces as map keys. There were possible nonce
   collisions which required special handling.
2. The collision handling code was not thread safe. There were
   possible race conditions during concurrent modifications.
3. The map was shared and size limited. If there were a lot of
   users using the system, valid nonces could get pruned.
4. The map maps the nonces to client certificates. This limits
   the possible authentication methods that can be supported.

Now the code has been modified such that each user has a private map
in the user's session to store the nonces. Additional locking has been
implemented to protect against concurrent modifications. The map now
uses the target of the operation as the map key, eliminating possible
collisions and allowing the use of other authentication methods. Since
this is a private map, it's not affected by the number of users using
the system.

Ticket #474







https://fedorahosted.org/pki/ticket/362 RFE: CMC ECC
2013-01-16T04:58:46+00:00

Christina Fu
cfu@redhat.com

2013-01-16T07:59:24+00:00

7a0252247e860806d6456e997149602c9750206a












Resolved Trac Ticket 367 - pkidestroy does not remove connector
2013-01-15T14:28:38+00:00

Ade Lee
alee@redhat.com

2012-12-20T22:38:13+00:00

1cceecafb8050ec362a9c9568d36d52d3fe4117e

* Added RESTful servlet to add/remove a KRA connector from the CA.
* Modified ACL to allow KRA subsystem user to remove connector.
* Modified connector code to allow the connector to be replaced without a server restart.
* Added functionality to pki CLI to add/remove connector
* Added code to pkidestroy to remove the connector (using both pki CLI and sslget)
  When the issues with pki connection are resolved, we will use that method instead.
* Modified sslget to accept HTTP return codes != 200.  In this case, we were returning
  204 - which is perfectly legitimate.





* Added RESTful servlet to add/remove a KRA connector from the CA.
* Modified ACL to allow KRA subsystem user to remove connector.
* Modified connector code to allow the connector to be replaced without a server restart.
* Added functionality to pki CLI to add/remove connector
* Added code to pkidestroy to remove the connector (using both pki CLI and sslget)
  When the issues with pki connection are resolved, we will use that method instead.
* Modified sslget to accept HTTP return codes != 200.  In this case, we were returning
  204 - which is perfectly legitimate.







Increase root CA validity to 20 years
2013-01-07T22:44:39+00:00

Ade Lee
alee@redhat.com

2013-01-07T21:38:25+00:00

b8e407aa83f3ff4a4feea049e4ada54853b39f4d

Trac Ticket #466





Trac Ticket #466







Remove server code from CertSearchRequest
2012-12-07T06:02:09+00:00

Ade Lee
alee@redhat.com

2012-12-07T05:14:00+00:00

cbfdae84f511ae526f1e7e29f71e7f60eef96094

Ticket #418





Ticket #418







Parameterizing RESTEasy paths.
2012-12-07T02:23:11+00:00

Endi Sukma Dewata
edewata@redhat.com

2012-12-06T18:06:14+00:00

9996d71e1a4fb7a8ca6752b83e4f2393dbefa76b

The paths to RESTEasy jar files have been modified such that it can
be configured globally at build time using the spec file to support
different distributions, and at deployment time using a system-wide
configuration in /etc/pki/pki.conf.

Ticket #422, #423.





The paths to RESTEasy jar files have been modified such that it can
be configured globally at build time using the spec file to support
different distributions, and at deployment time using a system-wide
configuration in /etc/pki/pki.conf.

Ticket #422, #423.







I18n for ProfileList.template.
2012-12-03T16:48:40+00:00

Endi Sukma Dewata
edewata@redhat.com

2012-11-13T23:07:43+00:00

66c519f0185f24a650df834d781be2ed7ef857f7

The messages in ProfileList.template in CA EE has been extracted
into a properties file which can be translated separately.

The original messages in the template have been marked as follows:
  <span class="message" name="...key...">...message...</span>

When the page is loaded into the browser, the original message will
be replaced with the translated messages.

Ticket #406





The messages in ProfileList.template in CA EE has been extracted
into a properties file which can be translated separately.

The original messages in the template have been marked as follows:
  <span class="message" name="...key...">...message...</span>

When the page is loaded into the browser, the original message will
be replaced with the translated messages.

Ticket #406







Misc changes to get rhel 7 build to work
2012-11-21T15:47:50+00:00

Ade Lee
alee@redhat.com

2012-11-21T15:16:04+00:00

871b4423babc140d984d4b49aa380710cfcaf72a

1. Modified cmake dependency
2. Corrected conditionals in spec file
3. Added paths for resteasy-base
4. Added paths to policy for resteasy-base





1. Modified cmake dependency
2. Corrected conditionals in spec file
3. Added paths for resteasy-base
4. Added paths to policy for resteasy-base