pki.git/base/server/cmsbundle/src/UserMessages.properties, branch master Unnamed repository; edit this file 'description' to name the repository. Fixed error message on invalid log type. 2017-06-27T17:38:50+00:00 Endi S. Dewata edewata@redhat.com 2017-06-27T16:44:16+00:00 833708b48ea76e71ddf1fa9b0cba53a5aa23a459 To help troubleshooting the error message on invalid log type has been modified to include the invalid value. https://pagure.io/dogtagpki/issue/2689 Change-Id: Ie245bd9e3a3925979af4708fa911697a9746e54b 
To help troubleshooting the error message on invalid log type has
been modified to include the invalid value.

https://pagure.io/dogtagpki/issue/2689

Change-Id: Ie245bd9e3a3925979af4708fa911697a9746e54b
Ticket #2616 CMC: id-cmc-statusInfo ==> id-cmc-statusInfoV2 2017-06-23T17:07:40+00:00 Christina Fu cfu@redhat.com 2017-06-17T01:20:38+00:00 6273907e0ca36425fa30c106b7fdd28c510b1162 This patch contains the following update: * Structurely, CMCStatusInfo to CMCStatusInfoV2 update; no extendedFailInfo has been added at this point * In case of EncryptedPOP, instead of returning with CMCStatus pending where PendInfo contains the requestID, it now returns CMCStatus failed whith responseInfo control contains the requestID. On the client side, CMCRequest now processes the responseInfo and returns the DecryptedPOP with requestID in the regInfo control. CMCResponse has been updated to handle the new controls as well. * A number of fail info codes are now being supported by the server to add clarity to CMC failed status, including: badMessageCheck, badRequest, unsuportedExt, badIdentity, popRequired, and popFailed. 
This patch contains the following update:
* Structurely, CMCStatusInfo to CMCStatusInfoV2 update; no extendedFailInfo has been added at this point
* In case of EncryptedPOP, instead of returning with CMCStatus pending where
  PendInfo contains the requestID, it now returns CMCStatus failed whith
  responseInfo control contains the requestID. On the client side, CMCRequest
  now processes the responseInfo and returns the DecryptedPOP with requestID in
  the regInfo control. CMCResponse has been updated to handle the new controls
  as well.
* A number of fail info codes are now being supported by the server to add
  clarity to CMC failed status, including:
  badMessageCheck, badRequest, unsuportedExt, badIdentity, popRequired, and popFailed.
Ticket #2717 CMC user-signed enrollment request 2017-04-29T02:56:09+00:00 Christina Fu cfu@redhat.com 2017-04-29T00:55:17+00:00 3ff9de6a517d7fdcdee6c4a8c884eff052f8f824 This patch provides implementation that allows user-signed CMC requests to be processed; The resulting certificate will bear the same subjectDN as that of the signing cert; The new uri to access is /ca/ee/ca/profileSubmitUserSignedCMCFull where the new profile is to be used: caFullCMCUserSignedCert.cfg which utilizes the new authentication plugin: CMCUserSignedAuth and new profile default plugin: CMCUserSignedSubjectNameDefault and new profile constraint plugin: CMCUserSignedSubjectNameConstraint 
This patch provides implementation that allows user-signed CMC requests
to be processed; The resulting certificate will bear the same subjectDN
as that of the signing cert;
The new uri to access is /ca/ee/ca/profileSubmitUserSignedCMCFull
where the new profile is to be used: caFullCMCUserSignedCert.cfg
which utilizes the new authentication plugin: CMCUserSignedAuth
and new profile default plugin: CMCUserSignedSubjectNameDefault
and new profile constraint plugin: CMCUserSignedSubjectNameConstraint
Ticket #2614 CMC: id-cmc-popLinkWitnessV2 feature implementation This patch provides the feature for CMC on handling id-cmc-popLinkWitnessV2 2017-04-14T01:32:50+00:00 Christina Fu cfu@redhat.com 2017-04-13T23:53:58+00:00 b04739d364e7e220da29ce8d47654377999ad881 






Fix error output when request is rejected
2016-05-10T01:47:42+00:00

Ade Lee
alee@redhat.com

2016-05-07T04:06:08+00:00

65c7652926aedfd88b80386a9059b46e7e9e5af9

With this fix, error messages are returned to the user when
a request is rejected - either in the UI or from the pki CLI.

Trac Ticket 1247 (amongst others)





With this fix, error messages are returned to the user when
a request is rejected - either in the UI or from the pki CLI.

Trac Ticket 1247 (amongst others)







Add realm to requests coming in from CA
2016-05-10T01:47:11+00:00

Ade Lee
alee@redhat.com

2016-05-04T22:25:51+00:00

5384c8c21ed167e3b08f0d709c43a68fd49ffc38

Requests to the KRA through the CA-KRA connector use the Enrollment
Service.  This has been modified to read and store any realm passed in.
The realm can be added to the request by havibg the admin add
a AuthzRealmDefault and AuthzRealmConstraint in a profile.

At this point, all the constraint does is verify that the realm is
one of a specified list of realms.  More verification will be added
in a subsequent patch.

No attempt is made yet to allow users to specify the realm.  This
would need to be added as a ProfileInput.

Part of Ticket 2041





Requests to the KRA through the CA-KRA connector use the Enrollment
Service.  This has been modified to read and store any realm passed in.
The realm can be added to the request by havibg the admin add
a AuthzRealmDefault and AuthzRealmConstraint in a profile.

At this point, all the constraint does is verify that the realm is
one of a specified list of realms.  More verification will be added
in a subsequent patch.

No attempt is made yet to allow users to specify the realm.  This
would need to be added as a ProfileInput.

Part of Ticket 2041







Remove vestiges of NISAuth plugin
2016-02-16T01:52:30+00:00

Fraser Tweedale
ftweedal@redhat.com

2016-01-12T01:28:10+00:00

66d76bbeaf096bac3d14b1a633e1d99be57040ee

Fixes: https://fedorahosted.org/pki/ticket/1674





Fixes: https://fedorahosted.org/pki/ticket/1674







Improve 'authz manager not found' message string
2016-01-14T04:41:42+00:00

Fraser Tweedale
ftweedal@redhat.com

2016-01-14T04:26:59+00:00

933004ba052ec1ce93526616c67b5ed272f29779












Fixed mismatching certificate validity calculation.
2016-01-08T21:54:36+00:00

Endi S. Dewata
edewata@redhat.com

2015-12-20T20:46:56+00:00

9193fe5191d1bd857b7e1f5a398c6a279b42ec84

The CAValidityDefault has been modified to use Calendar API to
calculate the certificate validity range to be consistent with
the ValidityConstraint and ValidityDefault.

https://fedorahosted.org/pki/ticket/1682





The CAValidityDefault has been modified to use Calendar API to
calculate the certificate validity range to be consistent with
the ValidityConstraint and ValidityDefault.

https://fedorahosted.org/pki/ticket/1682







Add LDAPProfileSubsystem to store profiles in LDAP
2015-04-08T02:38:10+00:00

Fraser Tweedale
ftweedal@redhat.com

2014-07-17T04:24:06+00:00

4785f08b9fa14e2abd60533542d763bdea8082a0

Add the LDAPProfileSubsystem as another IProfileSubsystem
implementation that can be used instead of ProfileSubsystem (which
stores profiles on the file system) to store files in LDAP so that
changes can be replicated.

Extract common behaviour in to new AbstractProfileSubsystem
superclass.

Also address the minor issue #1220.





Add the LDAPProfileSubsystem as another IProfileSubsystem
implementation that can be used instead of ProfileSubsystem (which
stores profiles on the file system) to store files in LDAP so that
changes can be replicated.

Extract common behaviour in to new AbstractProfileSubsystem
superclass.

Also address the minor issue #1220.