summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Fixed KRA test.Endi Sukma Dewata2012-10-227-16/+16
| | | | | The security configuration, JAXB mappings, and test script for KRA have been updated to run properly.
* Enabled realm authentication for certificate requests.Endi Sukma Dewata2012-10-223-1/+3
| | | | | | | | | The realm authentication on certificate request REST services has been enabled. Since now in the CLI the authentication is done using a separate login operation, it is now possible to POST the approval data without the problem related to chunked message. Ticket #300
* Added REST account service.Endi Sukma Dewata2012-10-2212-5/+212
| | | | | | | | | A REST account service has been added to allow client to login to establish a session and to logout to destroy the session. This way multiple operations can be executed using the same session without having to re-authenticate. Ticket #357
* Provide option to install, rather than replicate schema in a cloneAde Lee2012-10-2210-8/+59
|
* Reorder VLV indexing for clones to avoid errorsAde Lee2012-10-225-16/+15
|
* Added PKIPrincipal.Endi Sukma Dewata2012-10-182-26/+60
| | | | | | | | | | | Previously in PKIRealm the authentication token was stored in a thread local variable. This does not work for multiple operations executed using the same session because each operation may be handled by different threads. A new PKIPrincipal has been added to store the authentication token so that the threads can get the correct token for the session. Ticket #357
* Added PKIConnection.Endi Sukma Dewata2012-10-1815-335/+403
| | | | | | | | | The code in PKIClient has been refactored into PKIConnection such that a single connection object can be used by several REST clients. The PKIClient will remain the base class for all REST clients. Ticket #357
* Fixes to get TPS to configure correctlyAde Lee2012-10-184-18/+22
| | | | | | | | 1. Reorder http.conf to actually read worker config 2. Change functions so that the TPS would restart. Before restarts would fail because the tus link already exists 3. Modify system verification test to return correctly when tests are successful
* Refactored GetCookie servlet.Endi Sukma Dewata2012-10-181-89/+43
| | | | | | | The GetCookie servlet has been refactored to use the new SecurityDomainProcessor. Ticket #309
* Enabled authentication for security domain REST interface.Endi Sukma Dewata2012-10-1818-157/+460
| | | | | | | | The REST interface for security domain has been refactored and configured such that it requires authentication. A CLI has been added to get an installation token. Ticket #309
* Reverted to old interface and httpclient to get installation token.Ade Lee2012-10-122-0/+31
| | | | | This is a workaround until we can get the new interface working on IPA clones.
* Added net-tools dependencyAde Lee2012-10-121-0/+2
|
* changes to remind folks not to use pkicreate/pkiremoveAde Lee2012-10-122-178/+8
|
* Update tomcatjss dependencyAde Lee2012-10-122-7/+13
|
* Return to d9 behavior for RetrieveModificationsTaskAde Lee2012-10-111-3/+3
|
* Added pki_tomcat_script_t type and rules to support upgraded instancesAde Lee2012-10-111-1/+18
| | | | | This is so runcon in pkicontrol will continue to work for d9 style instances.
* New selinux interface needed for certmonger directory accessAde Lee2012-10-102-1/+21
|
* Added pki_tomcat_cert_t type and interface to access itAde Lee2012-10-105-1/+51
| | | | | Added permissions to certmonger to access the certdb. Also added some missing selinux permissions for pki_tomcat_t
* Update selinux-policy version to fix error from latest policy changesAde Lee2012-10-081-3/+6
|
* fix spec typoAde Lee2012-10-081-3/+6
|
* Added build requires for version of selinux-policy-develAde Lee2012-10-081-2/+9
|
* Update release to b1Ade Lee2012-10-0815-15/+39
|
* Fix name of CS.cfg backup fileAde Lee2012-10-081-1/+1
|
* Backup CS.cfg before d10 updateAde Lee2012-10-081-0/+3
|
* Merged pki-silent into pki-server.Endi Sukma Dewata2012-10-077-66/+34
| | | | | | The pki-silent package has been merged into pki-server package. Ticket #354
* Renamed "shared" folder to "server".Endi Sukma Dewata2012-10-074-20/+19
| | | | | | | The "shared" folder in /usr/share/pki has been renamed to "server" since it contains only server files. Ticket #353
* Changes to start pki_ra and pki_tps in correct contextAde Lee2012-10-0512-25/+62
| | | | | Added required selinux versions to spec file. Also added additional rule needed for F17
* add selinux context for pkidaemon, remove unneeded pid and lock codeAde Lee2012-10-055-67/+30
| | | | | remove runcon from operations, add rules for spawn/destroy, add mgrepl changes to policy
* move common policy into tps, ra templatesAde Lee2012-10-052-336/+98
|
* Use the tomcat selinux domain for the Java processesAde Lee2012-10-052-321/+97
|
* Added needed link for updated d9 -> d10 instancesAde Lee2012-10-051-1/+3
| | | | Ticket 356
* Added Provides to packages replacing obsolete packages.Endi Sukma Dewata2012-10-021-1/+17
| | | | | | | Packages that replaced old packages have been modified to specify "Provides" to satisfy dependency on the old packages. Ticket #336
* Updated release to a2Ade Lee2012-10-0115-15/+39
|
* Using RPM version number in CMake.Endi Sukma Dewata2012-10-0144-77/+107
| | | | | | | | | | | | The RPM spec files have been modified to pass the full RPM version number to CMake. The version number contains the product version number, release number, milestone, and platform. The CMake scritps will parse and use this version number to generate Java manifest files. The product version number will be used as the specification version and full version number will be used as the implementation version. Ticket #339
* Added package checking for pkispawn.Endi Sukma Dewata2012-10-012-0/+7
| | | | | | | The pkispawn has been modified such that it will check whether the package for the subsystem being created has been installed. Ticket #332
* https://fedorahosted.org/pki/ticket/252 - TMS - ECC Key RecoveryChristina Fu2012-09-303-29/+74
|
* TMS key recovery part of - Bug 737122 - DRM: during archiving and ↵Christina Fu2012-09-281-36/+115
| | | | recovering, wrapping unwrapping keys should be done in the token
* Added version number into server status.Endi Sukma Dewata2012-09-281-0/+2
| | | | | | | The GetStatus servlet has been modified to include the server version number. Ticket #339
* Added VERSION file.Endi Sukma Dewata2012-09-2828-10/+190
| | | | | | | | | | | The CMake scripts have been modified to store the version number in /usr/share/pki/VERSION and in JAR manifest files. These files can be read by PKI applications to obtain the version number without having to query the RPM database. Fixed warnings in Java.cmake file. Ticket #339
* fall back to old interface for installtoken if neededAde Lee2012-09-272-4/+87
|
* Renamed escapeDN() into escapeRDNValue().Endi Sukma Dewata2012-09-278-63/+63
| | | | | | | The escapeDN() has been renamed into escapeRDNValue() for better clarity. Ticket #193
* (fixed warning for) task #304 TMS ECC infrastructure (enrollment with ↵Christina Fu2012-09-261-2/+2
| | | | client-side and server-side key generation, and key archival)
* Correctly resolve symlinks in subdirectoriesMatthew Harmsen2012-09-251-3/+4
| | | | | | | | | | | | * TRAC Ticket #338 - Dogtag 10: pkihelper.py directory.set_mode() does not resolve symlinks correctly This patch fixes the problem that although top-level symlinks are correctly identified as symbolic links, symlinks which exist under a subdirectory are incorrectly identified as files, and thus the 'chown' and 'chmod' commands are applied to the symlink which in turn actually get applied to the target file instead.
* Merged pki-setup into pki-server.Endi Sukma Dewata2012-09-255-57/+43
| | | | | | | The scripts to create and remove PKI instances have been moved from pki-setup into pki-server package. Ticket #336
* Use getStatus servlet to provide startup statusAde Lee2012-09-212-0/+8
| | | | Ticket 314
* Audit Cert RenewalMatthew Harmsen2012-09-201-2/+2
| | | | | * TRAC Ticket #333 - Increase audit cert renewal range to 2 years * Bugzilla Bug #843979 - Increase audit cert renewal range to 2 years
* time based searchesAndrew Wnuk2012-09-207-412/+254
| | | | | | | This patch removes "fixed" year from time based searches for agent and EE interfaces. It also unifies time selection between search and revocation templates. Bug 854420.
* Changes to use standard dbuserAde Lee2012-09-197-26/+111
| | | | | | | | | | | | | | | | | We create a user that can be used to connect to the database using the subsystem cert for client auth. We identified this user, using the seeAlso attribute and provided certmap rules to this effect. For this user, we used to reuse the uid = user CA-hostname-port, which is already created for inter-system communication. But this is problematic if more than one dbuser exists, as the directory server may bind as the incorrect user. In any replication topology, there must be only one dbuser using the subsystem cert. To simplify things, we create a new user specifically for this purpose (pkidbuser), and we remove the seeAlso attribute from the older dbusers. A script is needed to convert existing dogtag 9 istances to use the new user, and set the relevant acls. This will be done in a separate commit.
* Provide default for operations transition list, related # 858816.Jack Magne2012-09-191-0/+1
|
* Added DN and filter escaping in ConfigurationUtils.Endi Sukma Dewata2012-09-191-19/+19
| | | | | | | The ConfigurationUtils has been modified to escape values used in DN or filter according to LDAP standard. Ticket #193