pki.git/base/common/src/com, branch dev2 Unnamed repository; edit this file 'description' to name the repository. Fixed date format for cert-find parameters. 2013-02-04T23:53:06+00:00 Endi Sukma Dewata edewata@redhat.com 2013-02-04T23:43:05+00:00 055921c1e5e8e74bfe487d6b8228da3ab5e1f9a4 All date parameters for cert-find have been modified to use the YYYY-MM-DD date format. Date parsing code in FilterBuilder has been modified not to ignore parsing errors. Ticket #497 
All date parameters for cert-find have been modified to use the
YYYY-MM-DD date format. Date parsing code in FilterBuilder has
been modified not to ignore parsing errors.

Ticket #497
Fixed getInstallToken() invocation. 2013-02-04T23:47:02+00:00 Endi Sukma Dewata edewata@redhat.com 2013-02-01T19:31:15+00:00 3e0df521290e8159e36d1bdef52df297f20a809d The configuration code has been modified to use the REST interface to get the installation token and ignore CA cert validation errors. Ticket #476 
The configuration code has been modified to use the REST interface
to get the installation token and ignore CA cert validation errors.

Ticket #476
Session-based nonces. 2013-02-04T17:06:40+00:00 Endi Sukma Dewata edewata@redhat.com 2013-01-23T18:10:52+00:00 6259ba064f4c17b7f6891fcb61501103348936be Previously nonces were stored in a global map which might not scale well due to some issues: 1. The map uses the nonces as map keys. There were possible nonce collisions which required special handling. 2. The collision handling code was not thread safe. There were possible race conditions during concurrent modifications. 3. The map was shared and size limited. If there were a lot of users using the system, valid nonces could get pruned. 4. The map maps the nonces to client certificates. This limits the possible authentication methods that can be supported. Now the code has been modified such that each user has a private map in the user's session to store the nonces. Additional locking has been implemented to protect against concurrent modifications. The map now uses the target of the operation as the map key, eliminating possible collisions and allowing the use of other authentication methods. Since this is a private map, it's not affected by the number of users using the system. Ticket #474 
Previously nonces were stored in a global map which might not scale
well due to some issues:
1. The map uses the nonces as map keys. There were possible nonce
   collisions which required special handling.
2. The collision handling code was not thread safe. There were
   possible race conditions during concurrent modifications.
3. The map was shared and size limited. If there were a lot of
   users using the system, valid nonces could get pruned.
4. The map maps the nonces to client certificates. This limits
   the possible authentication methods that can be supported.

Now the code has been modified such that each user has a private map
in the user's session to store the nonces. Additional locking has been
implemented to protect against concurrent modifications. The map now
uses the target of the operation as the map key, eliminating possible
collisions and allowing the use of other authentication methods. Since
this is a private map, it's not affected by the number of users using
the system.

Ticket #474
Merged cert-request-review/approve commands. 2013-02-04T17:05:30+00:00 Endi Sukma Dewata edewata@redhat.com 2013-01-30T22:57:17+00:00 9c6f3df2193de627f83c1f22fe47cd61e6e3578a The cert-request-approve has been merged into cert-request-review to ensure that these operations are executed in the same session. Ticket #474 
The cert-request-approve has been merged into cert-request-review
to ensure that these operations are executed in the same session.

Ticket #474
Fixed CLI 'cert-find' clientAuth FQDN hostname issue 2013-01-25T08:09:27+00:00 Matthew Harmsen mharmsen@redhat.com 2013-01-25T08:07:39+00:00 833feccb5539146a7f7288ed7eaef5aed9f26911 * TRAC Ticket #488 - Dogtag 10: Fix CLI 'cert-find' clientAuth issue 
* TRAC Ticket #488 - Dogtag 10: Fix CLI 'cert-find' clientAuth issue
Ticket 419 - REST interface for cert requests 2013-01-22T21:59:02+00:00 Ade Lee alee@redhat.com 2013-01-17T20:41:41+00:00 85aa3bdbd86a00057c60de842b208e573b85c200 






https://fedorahosted.org/pki/ticket/362 RFE: CMC ECC
2013-01-16T04:58:46+00:00

Christina Fu
cfu@redhat.com

2013-01-16T07:59:24+00:00

7a0252247e860806d6456e997149602c9750206a












Added LDAP exception converter.
2013-01-15T15:25:38+00:00

Endi Sukma Dewata
edewata@redhat.com

2013-01-11T15:51:46+00:00

98037df00124e1ab81b6ef3be9ba2133f723a95e

A utility class has been added to convert LDAP exceptions into PKI
exceptions.

Ticket #191, #214





A utility class has been added to convert LDAP exceptions into PKI
exceptions.

Ticket #191, #214







Added nonce validation for certificate revocation.
2013-01-15T15:24:39+00:00

Endi Sukma Dewata
edewata@redhat.com

2013-01-08T13:05:53+00:00

ab3d3c8075a0b5244765a931ff11e6658130ade1

The certificate REST service has been modified to validate
nonce when revoking a certificate.

Ticket #213





The certificate REST service has been modified to validate
nonce when revoking a certificate.

Ticket #213







Resolved Trac Ticket 367 - pkidestroy does not remove connector
2013-01-15T14:28:38+00:00

Ade Lee
alee@redhat.com

2012-12-20T22:38:13+00:00

1cceecafb8050ec362a9c9568d36d52d3fe4117e

* Added RESTful servlet to add/remove a KRA connector from the CA.
* Modified ACL to allow KRA subsystem user to remove connector.
* Modified connector code to allow the connector to be replaced without a server restart.
* Added functionality to pki CLI to add/remove connector
* Added code to pkidestroy to remove the connector (using both pki CLI and sslget)
  When the issues with pki connection are resolved, we will use that method instead.
* Modified sslget to accept HTTP return codes != 200.  In this case, we were returning
  204 - which is perfectly legitimate.





* Added RESTful servlet to add/remove a KRA connector from the CA.
* Modified ACL to allow KRA subsystem user to remove connector.
* Modified connector code to allow the connector to be replaced without a server restart.
* Added functionality to pki CLI to add/remove connector
* Added code to pkidestroy to remove the connector (using both pki CLI and sslget)
  When the issues with pki connection are resolved, we will use that method instead.
* Modified sslget to accept HTTP return codes != 200.  In this case, we were returning
  204 - which is perfectly legitimate.