summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Replaced deprecated AlgorithmId.getAlgorithmId().Endi Sukma Dewata2012-03-289-143/+122
| | | | | | | The deprecated getAlgorithmId() method in AlgorithmId has been replaced with get(). Ticket #3
* Replaced deprecated JTable.createScrollPaneForTable().Endi Sukma Dewata2012-03-281-1/+1
| | | | | | | The deprecated createScrollPaneForTable() method in JTable() has been replaced with JScrollPane() constructor. Ticket #3
* Replaced deprecated Dialog.show().Endi Sukma Dewata2012-03-282-6/+6
| | | | | | The deprecated show() method in Dialog has been replaced with setVisible(). Ticket #3
* Replaced deprecated JPasswordField.getText().Endi Sukma Dewata2012-03-281-4/+1
| | | | | | | The deprecated getText() method in JPasswordField has been replaced with getPassword(). Ticket #3
* Replaced deprecated DataInputStream.readLine().Endi Sukma Dewata2012-03-283-35/+34
| | | | | | | The deprecated readLine() method in DataInputStream has been replaced by the same method in BufferedReader. Ticket #3
* Replaced deprecated XMLSerializer.Endi Sukma Dewata2012-03-273-16/+20
| | | | | | | | The deprecated XMLSerializer has been replaced with LSSerializer. The new API does not provide a way to control the indentation or line width. Ticket #3
* Added option to build without Javadoc.Endi Sukma Dewata2012-03-266-54/+90
| | | | | | | | | | The build scripts have been modified to provide an option to build without Javadoc to speed up development builds. The option can be used as follows: compose_pki_core_packages --without-javadoc hybrid_rpms Ticket #111
* Removed unnecessary pki folder.Endi Sukma Dewata2012-03-263806-5/+0
| | | | | | | | | Previously the source code was located inside a pki folder. This folder was created during svn migration and is no longer needed. This folder has now been removed and the contents have been moved up one level. Ticket #131
* Added policy deprecationsAde Lee2012-03-2324-38/+83
| | | | | | | | | Many of the policy deprecation warnings come from classes that probably ought to be deprecated as part of the deprecated policy framework as well. Making these as deprecated removes the deprecation warnings - and we can really see where we make sure of deprecated policy code elsewhere. Also removed some URLEncoder, Decoder deprecations
* Removed unused variables (part 2).Endi Sukma Dewata2012-03-23177-738/+338
| | | | | | This patch brings down the warnings from 1943 to 1221. Ticket #103
* Allow clones to specify master and replica ports and security optionsAde Lee2012-03-237-185/+261
| | | | | | | | | Removed -clone_start_tls option and subsumed it into -replicationSecurity. Refactored DatabasePanel parameter verification code to allow it to be used in both update() and validate(). Added new parameters to pkisilent and databasepanel.vm. Also fixed cloning error when master uses localhost.
* Replace URLEncoder.encode with non-deprecated form in pkisilentAde Lee2012-03-2213-3078/+330
| | | | Removed some obsolete files.
* Removed unused SystemIdentity and SystemSigner.Endi Sukma Dewata2012-03-223-173/+0
| | | | | | | | The SystemIdentity and SystemSigner classes have been removed because they are based on deprecated classes and are not used anywhere in the code. Ticket #3
* Replaced deprecated Date API.Endi Sukma Dewata2012-03-221-11/+11
| | | | | | | | The deprecated Date(year, month, date) constructor has been replaced with Calendar API. There are similar Date constructors in JavaScript but those are not deprecated and should not be replaced. Ticket #3
* BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changesAde Lee2012-03-205-10/+31
| | | | | | | | | | Tomcat6 has changed the changed the location of the TOMCAT_LOG, and it should no longer point to catalina.out. This initially caused dogtag to break because the code to chown TOMCAT_LOG to TOMCAT_USER was removed. Added code to spec file to fix existing instances. Also fixed error in spec file. Incorrect selinux patch was being applied for f17.
* Removed extraneous 'endif'DOGTAG_10_0_0_ALPHA_FEDORA_16_17_20120314Matthew Harmsen2012-03-141-1/+0
|
* Corrected 'junit' dependency checkMatthew Harmsen2012-03-142-11/+14
|
* Escape parameter values in search filter.Endi Sukma Dewata2012-03-143-5/+33
| | | | | | | | The REST interface was vulnerable to injection attack. This has been fixed by escaping the special characters in parameter values before using them in the search filter. Ticket #96
* Removed CMakeLists from build path to avoid spurious errors.Adam Young2012-03-131-3/+3
|
* Fixed IAttrSet.getElements() implementations.Endi Sukma Dewata2012-03-1317-111/+39
| | | | | | | | This patch fixes incorrect implementation of getElement() in some subclasses of IAttrSet. The method is supposed return the attribute names as an enumeration of strings. Ticket #42
* PKI Deployment FrameworkMatthew Harmsen2012-03-1215-3/+1535
| | | | | | | | | | | | | | | | | | Initial attempt at 'http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment'. Corrected imports to work with site-packages. Standardized log messages via encapsulation in a central file. Updated top-level instance directory. Streamlined parsing and enhanced logging. Added "--dry_run" option. Added umask and default permissions; sanitized use of '+' and '\'. Aliased 'pkiconfig' as 'config' Created a single master PKI dictionary from the sectional dictionaries
* Resolved Bugzilla Bug #801840 - pki_silent.template missing opening brace forMatthew Harmsen2012-03-121-1/+1
| | | | ca_external variable
* Provide Custom PKI JNDI Realm.Jack Magne2012-03-1212-17/+1751
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Provide a Realm that provides the following: 1. Allows SSL client certificate authentation upon protected URLs. For now we are protecting the new DRM Rest functions. 2. Allows simple PKI ACL checking like we have in the current server. This is accomplished with the help of a simple file that maps URLs to ACL resourceIDs and operations. 3. DRMRestClient now support SSL Client authentication to test the feature. How to test this: Install new KRA server, after installing build pki-core rpm. Uncomment "PKIJNDIRealm" settings in conf/server.xml Some customization will be needed for instance specific info. See the sample in server.xml. Uncomment the "Security Constraint" and "login-config" settings webapps/kra/WEB-INF/web.xml In running DRMTest.java in eclipse do the following: Change the arguments to support SSL Client auth such as: -h localhost -p 10443 -w secret -d ~/archive-test -s true -c "KRA Administrator of Instance pki-kra's SjcRedhat Domain ID" where the new flags are -s = true for SSL and -c = <client auth cert name> Export the KRA's admin/agent client auth cert from Firefox to a pk12 file. Import this cert into ~/archive-test by using "pk12util" utility. Run the DRMTest.java program in eclipse and observe the results. There should be a prompt for a client cert.
* Refactored NameValuePairs.Endi Sukma Dewata2012-03-12164-2273/+1639
| | | | | | | | | The NameValuePairs class has been modified to extend the Linked- HashMap which preserves the order of elements as in the original code. Some methods are renamed to match Java Map interface. The NameValuePair class is no longer needed and has been removed. Ticket #78
* Replaced daemon threads with executor service.Endi Sukma Dewata2012-03-126-145/+193
| | | | | | | | | | | | The certificate status update and retrieving modifications tasks have been modified to use the executor service. Unlike daemon threads, the service will allow existing task to exit gracefully before shutting down. An abandon operation is used terminate the persistent search used for retrieving modifications. Some methods have been moved to CertificateRepository class to simplify synchronizations. Ticket #73
* Refactored JobsScheduler.Endi Sukma Dewata2012-03-129-55/+51
| | | | | | | | | | | | | | The JobsScheduler has been modified to stop all jobs on shutdown. This is done by setting a flag in each job instead of stopping the job thread abruptly. Long running jobs should check this flag periodically and then exit gracefully. None of the existing jobs need to do this since they do not run very long. Other threads that run background services have been converted into daemons such that they will terminate automatically when the JVM exits. Ticket #73
* Fixes to cloning and security domain tables for client auth internaldb userAde Lee2012-03-0916-204/+364
| | | | | | | | | | | | | | | | | | | | | The mechanism for getting an ldap connection to the internaldb was incorrect, both in the Security Domain Session Table and the DatabasePanel. As a result, connections to the internaldb failed for accessing the security domain session table and when trying to clone a master which connects to its database using client auth. The thread that handles reading the security domain session table is now only instantiated when running on a configured security domain master. Additionally, needed acls for the client auth certificate ldap user have been moved to manager.ldif. This includes acls to allow creation and management of replication agreements and replication users (now being created under ou=csusers, cn=config) Added logs to show when ldif import errors occur. Also made sure to write and remove master ldap password for use in replication. Ticket #5
* Remove PKI desktop iconsMatthew Harmsen2012-03-0613-228/+0
| | | | Bugzilla Bug #767800 - Firefox Launcher on Panel being modified for all users.
* Revert "Initial attempt at ↵Matthew Harmsen2012-03-0615-1509/+1
| | | | | | | | | | | | 'http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment'." This reverts commit b5219f534cf0b60452346b31a84b9eddd881f614. This patch was accidently committed to origin as part of a previous push. Conflicts: pki/specs/pki-core.spec
* Option to create ECC credentials for adminAndrew Wnuk2012-03-062-1/+14
| | | | | | Configuration wizard should provide option to issue ECC credentials for admin during ECC CA configuration. Bug #784387.
* BZ 769388 - pki-silent does not properly escape command-line argumentsAde Lee2012-03-051-1/+5
|
* Fixed DRM REST interface to use BigInteger.Endi Sukma Dewata2012-03-0527-127/+428
| | | | | | | | The DRM REST interface previously uses strings for key ID and request ID. It has been modified to use KeyId and RequestId classes which can accept decimal or hex numbers and internally store it as BigInteger. Ticket #94
* Remove platform specific logic from patches for mock purposes.Matthew Harmsen2012-03-021-9/+9
|
* Initial attempt at 'http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment'.Matthew Harmsen2012-03-0115-2/+1510
| | | | | | | | | | | | | | | | Corrected imports to work with site-packages. Standardized log messages via encapsulation in a central file. Corrected imports to work with site-packages. Standardized log messages via encapsulation in a central file. Updated top-level instance directory. Streamlined parsing and enhanced logging. Added "--dry_run" option. Added umask and default permissions; sanitized use of '+' and '\'.
* Option to change default algorithmsAndrew Wnuk2012-02-296-7/+43
| | | | | | RSA should be default selection for transport, storage, and audit keys till ECC is fully implemented. Bug #787806.
* Removed hard-coded REST paths.Endi Sukma Dewata2012-02-292-6/+17
| | | | | | | | The KeyDAO and KeyRequestDAO have been changed to remove hard-coded paths and use annotation reflection to get the paths from the REST interface definitions. Ticket #95
* Removed dependency on OSUtil.Endi Sukma Dewata2012-02-2924-172/+42
| | | | | | | The OSUtil is no longer used by the code. It has been removed from build scripts and tools. Ticket #90
* Fixed problems shared port.Endi Sukma Dewata2012-02-293-9/+0
| | | | | | | | Some subsystems could not be created using a shared port because it would generate a web.xml with invalid nested comment. The web.xml templates has been fixed to remove the nested comment. Ticket #112
* Enhanced compose scripts to download patchesMatthew Harmsen2012-02-2812-54/+310
| | | | | | Added platform-dependent patches for SELinux component Bugzilla Bug #739708 - Selinux fix for ephemeral ports (F16) Bugzilla Bug #795966 - pki-selinux policy is kind of a mess (F17)
* Removed OS subsystem.Endi Sukma Dewata2012-02-2815-466/+66
| | | | | | | | | | The OS subsystem was previously used to get the PID and to handle shutdown signals using the OSUtil. It has been removed because the functionalities can be obtained without using native code. The PID will now be read from an external PID file created by the wrapper script. The shutdown signals will now be handled by shutdown hook. Ticket #90
* Replaced BtoA/AtoB with Apache codec.Endi Sukma Dewata2012-02-2322-25/+115
| | | | | | | | The OSUtil's BtoA() and AtoB() have been replaced by Base64 codec from Apache Commons library. The codec is configured to use 64-byte line width as defined in RFC 1421. Ticket #90
* Consolidated BtoA/AtoB invocations.Endi Sukma Dewata2012-02-2379-165/+252
| | | | | | | | The OSUtil's BtoA() and AtoB() have been replaced with wrapper methods in com.netscape.cmsutil.util.Utils to simplify transition into Base64 codec from Apache Commons library. Ticket #90
* Renamed Utils to avoid conflicts.Endi Sukma Dewata2012-02-238-11/+11
| | | | | | | | | The Utils classes in com.netscape.cms.publish.publishers and com.netscape.cms.servlet.common packages have been renamed to PublisherUtils and ServletUtils to avoid conflicts with com.netscape.cmsutil.util.Utils. Ticket #90
* Exclude junit tests from non-java componentsMatthew Harmsen2012-02-235-6/+14
| | | | | PKI TRAC Ticket #104 - exclude the java-based junit testing infrastructure from non-java components in order to build within a 'mock' environment
* Add client auth user to default installAde Lee2012-02-236-16/+171
| | | | | | | | | | | | | | | | | | When a subsystem is configured, a user is created to facilitate communication between subsystems. This user is created on the security domain ca, and is has the subsystem certificate in its user record. This user will be reused as a user that can talk to the database using the subsystem certificate for client auth. To do this, this patch does the following: 1. If not the security domain master CA, adds this user to the subsystem, and adds the subsystem cert. 2. Adds the subsystem cert subject dn to the user's record in the seeAlso attribute 3. Adds acis for this user for the $basedn and for cn=config (for VLV searches) By default, this user and acls will be added when the system is configured. To actually use the user and client auth, more config steps are required. They will be doc'ed in https://fedorahosted.org/pki/ticket/5
* BZ 739708 Selinux fix for ephemeral portsAde Lee2012-02-232-1/+4
|
* Fixed several miscellaneous build issuesMatthew Harmsen2012-02-222-3/+24
| | | | (see https://fedorahosted.org/pki/ticket/104)
* Selinux changes to allow dogtag to start on f17.Ade Lee2012-02-222-217/+219
| | | | Addresses java_exec_t issue in BZ 795966
* Sample ECC profilesAndrew Wnuk2012-02-224-2/+275
| | | | | | This patch provides two sample ECC certificate profiles. Bug: 223358.
* Bug 788787 added junit dependency plus integrated KRA OCSP and TKSMatthew Harmsen2012-02-2011-1922/+513
|