pki.git/base/common, branch ticket-501

Added certificate status option to cert-find.

2013-02-07T20:59:18+00:00

Additional output attributes for cert-find.

2013-02-07T20:49:00+00:00

The cert-find command has been modified to include some additional
attributes including certificate type and version, key algorithm
name and length, validity dates, creation time and issuer.

Ticket #498

Fixed validity duration options for cert-find.

2013-02-07T15:42:25+00:00

The cert-find command has been fixed to show better error messages
on missing validity duration options. The validity duration unit
has been changed to take "day", "week", "month", or "year" and
convert it into milliseconds.

Ticket #291, #500

Fixed conflicting security domain hosts.

2013-02-07T15:42:04+00:00

The SecurityDomainProcessor has been modified to generate the host
ID from the subsystem type, hostname, and secure port instead of
relying on the user-configurable SubsystemName attribute.

Ticket #503

Fixed date format for cert-find parameters.

2013-02-07T15:41:29+00:00

All date parameters for cert-find have been modified to use the
YYYY-MM-DD date format. Date parsing code in FilterBuilder has
been modified not to ignore parsing errors.

Ticket #497

Fixed getInstallToken() invocation.

2013-02-04T23:47:02+00:00

The configuration code has been modified to use the REST interface
to get the installation token and ignore CA cert validation errors.

Ticket #476

Session-based nonces.

2013-02-04T17:06:40+00:00

Previously nonces were stored in a global map which might not scale
well due to some issues:
1. The map uses the nonces as map keys. There were possible nonce
   collisions which required special handling.
2. The collision handling code was not thread safe. There were
   possible race conditions during concurrent modifications.
3. The map was shared and size limited. If there were a lot of
   users using the system, valid nonces could get pruned.
4. The map maps the nonces to client certificates. This limits
   the possible authentication methods that can be supported.

Now the code has been modified such that each user has a private map
in the user's session to store the nonces. Additional locking has been
implemented to protect against concurrent modifications. The map now
uses the target of the operation as the map key, eliminating possible
collisions and allowing the use of other authentication methods. Since
this is a private map, it's not affected by the number of users using
the system.

Ticket #474

Merged cert-request-review/approve commands.

2013-02-04T17:05:30+00:00

The cert-request-approve has been merged into cert-request-review
to ensure that these operations are executed in the same session.

Ticket #474

Fixed CLI 'cert-find' clientAuth FQDN hostname issue

2013-01-25T08:09:27+00:00

* TRAC Ticket #488 - Dogtag 10: Fix CLI 'cert-find' clientAuth issue

Ticket 419 - REST interface for cert requests

2013-01-22T21:59:02+00:00