pki.git/base, branch dev2 Unnamed repository; edit this file 'description' to name the repository. Deploying webapps from shared folder. 2013-02-06T00:57:38+00:00 Endi Sukma Dewata edewata@redhat.com 2013-02-06T00:57:38+00:00 8011267258e6d04af15f0b5cdacc939fb11a81f8 






Rearranged context.xml.
2013-02-05T22:29:01+00:00

Endi Sukma Dewata
edewata@redhat.com

2013-02-05T22:13:22+00:00

991577dd40bbb18613893362783d0cd06cbdce79

Previously the context.xml files are deployed into META-INF folders
in each webapps. They now have been moved into <instance>/conf/
Catalina/localhost/<subsystem>.xml to allow further clean-up.





Previously the context.xml files are deployed into META-INF folders
in each webapps. They now have been moved into <instance>/conf/
Catalina/localhost/<subsystem>.xml to allow further clean-up.







Fixed date format for cert-find parameters.
2013-02-04T23:53:06+00:00

Endi Sukma Dewata
edewata@redhat.com

2013-02-04T23:43:05+00:00

055921c1e5e8e74bfe487d6b8228da3ab5e1f9a4

All date parameters for cert-find have been modified to use the
YYYY-MM-DD date format. Date parsing code in FilterBuilder has
been modified not to ignore parsing errors.

Ticket #497





All date parameters for cert-find have been modified to use the
YYYY-MM-DD date format. Date parsing code in FilterBuilder has
been modified not to ignore parsing errors.

Ticket #497







Added interactive subsystem installation.
2013-02-04T23:48:02+00:00

Endi Sukma Dewata
edewata@redhat.com

2012-12-18T19:46:41+00:00

981ebcce84770c9d48e80fc9b5ffd2bbf8fd0816

The pkispawn has been modified such that the configuration file
and subsystem type are optional. The pkidestroy has been modified
such that the instance name and subsystem type are optional.
If any of these options are not specified they will enter an
interactive mode.

Ticket #380





The pkispawn has been modified such that the configuration file
and subsystem type are optional. The pkidestroy has been modified
such that the instance name and subsystem type are optional.
If any of these options are not specified they will enter an
interactive mode.

Ticket #380







Fixed getInstallToken() invocation.
2013-02-04T23:47:02+00:00

Endi Sukma Dewata
edewata@redhat.com

2013-02-01T19:31:15+00:00

3e0df521290e8159e36d1bdef52df297f20a809d

The configuration code has been modified to use the REST interface
to get the installation token and ignore CA cert validation errors.

Ticket #476





The configuration code has been modified to use the REST interface
to get the installation token and ignore CA cert validation errors.

Ticket #476







Session-based nonces.
2013-02-04T17:06:40+00:00

Endi Sukma Dewata
edewata@redhat.com

2013-01-23T18:10:52+00:00

6259ba064f4c17b7f6891fcb61501103348936be

Previously nonces were stored in a global map which might not scale
well due to some issues:
1. The map uses the nonces as map keys. There were possible nonce
   collisions which required special handling.
2. The collision handling code was not thread safe. There were
   possible race conditions during concurrent modifications.
3. The map was shared and size limited. If there were a lot of
   users using the system, valid nonces could get pruned.
4. The map maps the nonces to client certificates. This limits
   the possible authentication methods that can be supported.

Now the code has been modified such that each user has a private map
in the user's session to store the nonces. Additional locking has been
implemented to protect against concurrent modifications. The map now
uses the target of the operation as the map key, eliminating possible
collisions and allowing the use of other authentication methods. Since
this is a private map, it's not affected by the number of users using
the system.

Ticket #474





Previously nonces were stored in a global map which might not scale
well due to some issues:
1. The map uses the nonces as map keys. There were possible nonce
   collisions which required special handling.
2. The collision handling code was not thread safe. There were
   possible race conditions during concurrent modifications.
3. The map was shared and size limited. If there were a lot of
   users using the system, valid nonces could get pruned.
4. The map maps the nonces to client certificates. This limits
   the possible authentication methods that can be supported.

Now the code has been modified such that each user has a private map
in the user's session to store the nonces. Additional locking has been
implemented to protect against concurrent modifications. The map now
uses the target of the operation as the map key, eliminating possible
collisions and allowing the use of other authentication methods. Since
this is a private map, it's not affected by the number of users using
the system.

Ticket #474







Merged cert-request-review/approve commands.
2013-02-04T17:05:30+00:00

Endi Sukma Dewata
edewata@redhat.com

2013-01-30T22:57:17+00:00

9c6f3df2193de627f83c1f22fe47cd61e6e3578a

The cert-request-approve has been merged into cert-request-review
to ensure that these operations are executed in the same session.

Ticket #474





The cert-request-approve has been merged into cert-request-review
to ensure that these operations are executed in the same session.

Ticket #474







Bug 903401 - TMS: RSA token enrollment failed : public key decode error
2013-01-26T11:39:24+00:00

Christina Fu
cfu@redhat.com

2013-01-26T11:39:24+00:00

95e41dc9043a3fbbeea2abd58cca84d1442c0102












Fixed CLI 'cert-find' clientAuth FQDN hostname issue
2013-01-25T08:09:27+00:00

Matthew Harmsen
mharmsen@redhat.com

2013-01-25T08:07:39+00:00

833feccb5539146a7f7288ed7eaef5aed9f26911

* TRAC Ticket #488 - Dogtag 10: Fix CLI 'cert-find' clientAuth issue





* TRAC Ticket #488 - Dogtag 10: Fix CLI 'cert-find' clientAuth issue







Ticket 419 - REST interface for cert requests
2013-01-22T21:59:02+00:00

Ade Lee
alee@redhat.com

2013-01-17T20:41:41+00:00

85aa3bdbd86a00057c60de842b208e573b85c200