Commit message | Author | Age | Files | Lines
* Ticket 1410 Issue with Generic Extension being critical | Christina Fu | 2015-06-15 | 4 | -10/+35
|   - patch ported from https://bugzilla.redhat.com/show_bug.cgi?id=1011984
* Added pki user KRA, OCSP, TKS and TPS tests. | Asha Akkiangady | 2015-06-15 | 65 | -2936/+46162
|   Modified user CA test scripts to check for subsystem installed status.
* Cleaned up links in main page. | Endi S. Dewata | 2015-06-11 | 7 | -135/+20
|   The ROOT's index.jsp has been modified to show the links to all subsystems installed on the instance. When opened, it will show the services provided by the subsystem.
|
|   The pkispawn output has been modified to show the subsystem URL more consistently:
|
|     https://<hostname>:<port>/<subsystem>
|
|   In all subsystems except TPS the page will redirect to:
|
|     https://<hostname>:<port>/<subsystem>/services
* Remove x86 architecture limitations | Matthew Harmsen | 2015-06-11 | 9 | -158/+5
|   - PKI Trac Ticket #1392 - Remove i686/x86_64 architecture
* Changes to directory hierarchy of CA and KRA group tests | Roshni Pattath | 2015-06-11 | 18 | -0/+0
|
* Merge branch 'master' of ssh://git.fedorahosted.org/git/pki | Roshni Pattath | 2015-06-11 | 0 | -0/+0
|\
| * OCSP, TKS and TPS group tests | root | 2015-06-10 | 60 | -254/+39496
| |
* | OCSP, TKS and TPS group tests | Roshni Pattath | 2015-06-11 | 60 | -254/+39496
|/
* Fixed NPE in ROOT's index.jsp. | Endi S. Dewata | 2015-06-08 | 1 | -17/+27
|   The ROOT's index.jsp has been modified to check each subsystem's servlet context for null before accessing the value.
|
|   https://fedorahosted.org/pki/ticket/1407
* Added man page for pki group-member. | Endi S. Dewata | 2015-06-08 | 4 | -24/+123
|   https://fedorahosted.org/pki/ticket/1064
* Added man page for pki user-cert. | Endi S. Dewata | 2015-06-08 | 4 | -0/+112
|   https://fedorahosted.org/pki/ticket/849
* Fixed man page for pki user-mod. | Endi S. Dewata | 2015-06-08 | 1 | -8/+18
|   https://fedorahosted.org/pki/ticket/835
* Ticket 867 Need to support TPS as a separate tomcat instance. | Christina Fu | 2015-06-01 | 4 | -11/+6
|   This patch addressed the issue that TPS on independent Tomcat is missing symlink to symkey.jar and causes all symkey method reference to fail
* remove extra space in CS.cfg for op.format.soCleanSOToken.validateCardKeyInfoAgainstTokenDB=true | Christina Fu | 2015-05-29 | 1 | -1/+1
* Fixed overwritten deployment property. | Endi S. Dewata | 2015-05-29 | 2 | -2/+1
|   The pki_pin has been removed from the default.cfg to avoid overwriting the randomly generated default value.
|
|   https://fedorahosted.org/pki/ticket/1393
* Fix typo in CS.cfg | Ade Lee | 2015-05-29 | 1 | -1/+1
|
* BZ1226025 - pkidaemon script checks for wrong symlinks for nuxwdog startup | Ade Lee | 2015-05-29 | 1 | -7/+13
|   Fixed startup script to account for nuxwdog
* Cleaned up python docs generation. | Endi S. Dewata | 2015-05-28 | 7 | -66/+66
|   The script to generate Python docs has been cleaned up and simplified. The python-sphinx configuration files have been moved into base/common/python. The build artifacts are now created in the build/base/common/python.
* PKI TRAC Ticket #1388 - pylint unidiomatic-typecheck warnings cause koji builds to fail | Matthew Harmsen | 2015-05-26 | 2 | -4/+5
|   (cherry picked from commit d2c24aff4e9dc6aa27b337479cfee1fac4940994)
* Updated version number to 10.2.5-0.1 | Matthew Harmsen | 2015-05-26 | 7 | -11/+23
|
* Update release number for release build (10.2.4-1) | Matthew Harmsen | 2015-05-26 | 4 | -4/+16
|
* Ticket 1309 Recovering of a revoked cert erroneously reflects "active" in the token db cert entry | Christina Fu | 2015-05-22 | 9 | -18/+215
* disable backup keys and share master keys when using an HSM | Matthew Harmsen | 2015-05-22 | 3 | -6/+51
|   - PKI TRAC Ticket #1371 - pkispawn: need to disable backup_keys when using an HSM (and provide recommendation); allow clones to share keys
* Added deployment parameters to construct pki_clone_uri. | Endi S. Dewata | 2015-05-22 | 3 | -4/+6
|   New parameters have been added into the default.cfg to specify the master hostname and port for pki_clone_uri. By default they point to the security domain. The man page has been updated as well.
|
|   https://fedorahosted.org/pki/ticket/1385
* Fixed key archival problem in CLI with separate KRA instance. | Endi S. Dewata | 2015-05-22 | 3 | -60/+108
|   The CLI has been modified such that when enrolling a certificate with key archival it will obtain the transport certificate from the CA instead of KRA because the KRA may not reside on the same instance. The CA REST service has been modified such that it will obtain the transport certificate from the KRA connector.
|
|   https://fedorahosted.org/pki/ticket/1384
* Cleaned up log messages in ConfigurationUtils.getPortFromSecurityDomain(). | Endi S. Dewata | 2015-05-22 | 1 | -4/+16
|   https://fedorahosted.org/pki/ticket/1372
* Use SimpleProperties to handle raw profile format | Fraser Tweedale | 2015-05-22 | 1 | -2/+21
|   The store() method of the 'Properties' class escapes '=' and ':' in values, corrupting the profile data. Continue using 'Properties' to read the input (unescaping values) then copy the properties into a 'SimpleProperties' object so that unwanted backslashes do not appear in the output.
* Ticket 1307 (part2 keySet mapping) [RFE] Support multiple keySets for different cards for ExternalReg | Christina Fu | 2015-05-21 | 10 | -242/+477
|   This patch adds support to keyset mapping
* Ticket 1307 (part1 refactoring) [RFE] Support multiple keySets for different cards for ExternalReg | Christina Fu | 2015-05-21 | 10 | -246/+249
|   This patch is mainly refactoring the names of the Mapping Resolver framework in preparation for ticket 1307 to support keySet mapping in addition to the original purpose of resolving tokenType mapping. The reason to separate out refactoring from the real code is for ease of reviewing. TPS is currently a Tech Preview feature, so upgrade is not of consideration at the moment.
* pki ca,kra,ocsp,tks,tps selftest cli automation | Niranjan Mallapadi | 2015-05-21 | 24 | -0/+6371
|
* Fix XSS attacks on the dogtag administration page #1373. | Jack Magne | 2015-05-15 | 12 | -141/+127
|   Porting this set of fixes over from last downstream release upstream.
|
|   Upon further review, decided to fix a few missing things pointed out by the code review and a few other things:
|
|   1. Too many copies of escapeJavaScriptString all over the place. Consolidated the two related functions "escapeJavaScriptString" and "escapeJavaScriptStringHTML" methods in the CMSTemplate class to be called everywhere. Removed the duplicated methods in other classes.
|
|   2. There were some places where "escapeJavaScriptString" was called, when we really wanted "escapeJavaScriptStringHTML". Fixed that everywhere. One reason for this is a copied version of "escapeJavaScriptString" actually was identical to CMSTemplate.escapeJavaScriptString, which has been removed.
|
|   XSS fixes.
* Ticket 1160 audit needed for getKeyInfo; audit missing for auth/authz at REST. | Christina Fu | 2015-05-14 | 4 | -46/+166
|   This patch addresses: (2) audit needed for getKeyInfo, the 2nd part of this ticket where the key services are missing some auditing.
* Fixed pylint warning in pkihelper.py. | Endi S. Dewata | 2015-05-14 | 1 | -1/+1
|
* Fixed problem redeploying subsystem. | Endi S. Dewata | 2015-05-14 | 1 | -3/+13
|   The pki-server subsystem-enable CLI has been modified to deploy the subsystem from a custom location if available, or from the default location otherwise.
|
|   https://fedorahosted.org/pki/ticket/1381
* Added key-show option. | Endi S. Dewata | 2015-05-14 | 2 | -13/+30
|   The key-show CLI has been modified to provide an option to find the active key info using the client key ID.
* modify contents of serverCertNick.conf | Matthew Harmsen | 2015-05-13 | 3 | -0/+48
|   - PKI TRAC Ticket #1370 - pkispawn: installation with HSM from external CA should hold off prepending token name in serverCertNick.conf till phase 2
* Ticket 1160 audit logging needed: REST API auth/authz; kra for getKeyInfo | Christina Fu | 2015-05-13 | 4 | -39/+281
|   - (1) REST API auth/authz - this patch addresses the first part of this ticket where auditing is completely missing for authentication and authorization at the REST interface.
* Update nuxwdog and tomcatjss dependencies | Ade Lee | 2015-05-12 | 1 | -4/+29
|
* Refactored upgrade scripts. | Endi S. Dewata | 2015-05-11 | 9 | -186/+35
|   The upgrade scripts have been modified to use the uid and gid provided by PKIInstance object.
|
|   https://fedorahosted.org/pki/ticket/1341
* Added options for internal token and replication passwords. | Endi S. Dewata | 2015-05-11 | 6 | -165/+41
|   The installation code has been modified such that the admin can optionally specify passwords for internal token and replication. Otherwise the code will generate random passwords like before.
|
|   https://fedorahosted.org/pki/ticket/1354
* Patches to get nuxwdog working with systemd | Ade Lee | 2015-05-10 | 20 | -35/+157
|   This patch adds some new unit files and targets for starting instances with nuxwdog, as well as logic within the pki-server nuxwdog module to switch to/from the old and new systemd unit files.
|
|   It also corrects some issues found in additional testing of the nuxwdog change scripts.
|
|   To use nuxwdog to start the instance, a user needs to do the following:
|   1. Create an instance normally.
|   2. Run: pki-server instance-nuxwdog-enable <instance_name>
|   3. Start the instance using: systemctl start pki-tomcatd-nuxwdog@<instance_name>.service
|
|   To revert the instance, simply do the following:
|   1. Run: pki-server instance-nuxwdog-disable <instance_name>
|   2. Start the instance using: systemctl start pki-tomcatd@<instance_name>.service
* Fixed installation logs. | Endi S. Dewata | 2015-05-08 | 1 | -6/+13
|   To help troubleshooting installation failures the pkihelper.py has been modified to display the error code returned by the server before parsing the error message. If there is a parsing error, the unparsed message will now be displayed.
|
|   The redundant 'raise' and 'return' statements have been removed.
* Get profile ID from DN instead of CN attribute | Fraser Tweedale | 2015-05-08 | 1 | -8/+15
|
* Simple fix for this is not requiring the pki_client_database_password to be set when performing a clone operation. | Jack Magne | 2015-05-07 | 1 | -1/+3
|   Tested with a cloned CA and a couple of other subsystems, such as OCSP.
* Fix #1351 pki securitydomain-get-install-token fails when run with caadmin user. | Jack Magne | 2015-05-07 | 5 | -178/+11
|   The short term solution to this problem was to remove the man page information and all references to the command line module responsible for this issue.
|
|   The installer already has an alternative method to remove a subsystem from the security domain list. We now assume the alternate method and don't even try to find the token at this point.
|
|   A user at the command line of the pki command will no longer be able to attempt this as well.
|
|   Tested this to verify that the man page for the "securitydomain" command no longer mentions or documents the "get-install-token" variant.
|
|   Tested to verify that this command can't be manually called from the command line using "pki". This attempt results in an "unknown module".
|
|   Tested by installing and uninstalling a subsystem. The security domain was kept up to date as expected for each install over remove attempted.
* Fixed pylint warnings. | Endi S. Dewata | 2015-05-07 | 1 | -0/+3
|   The pki.server Python module has been fixed to remove pylint warnings generated by recent changes.
|
|   https://fedorahosted.org/pki/ticket/1353
* Ticket #572 - CRL scheduler adds extra CRL generation at midnight for daily schedules. | Jack Magne | 2015-05-06 | 1 | -3/+3
|   Addresses the complaint of this ticket. Tested to work in a few basic cases. The minor code change was designed to only affect the specific scenario when we have a daily schedule that spans only one day.
|
|   More Info:
|
|   How to duplicate and test:
|
|   Perform a manual crl generate from the agent interface because the code to be tested relies heavily upon the "lastUpdate" which will appear in the logs. Do this to have a nice launching off point.
|
|   Go to the ca's pkiconsole and select: Certificate Manager -> CRL Issuing Points -> MasterCRL.
|
|   Check "updateCRL at: " and give a schedule such as: 15:03, 15:10 .. This gives us a chance to watch the two regularly scheduled updates happen.
|
|   When the first event triggers, have a look at the CA's "debug" log and note the following or similar entry:
|
|     [CRLIssuingPoint-MasterCRL]: findNextUpdate: Wed May 06 15:10:00 PDT 2015 delay: 86301873
|
|   Wait for the 15:00 event to happen. When that triggers at the end of that cycle, we should see one more similar entry.
|
|     [CRLIssuingPoint-MasterCRL]: findNextUpdate: Wed May 06 15:03 PDT 2015 delay: 86301873
|
|   That is the correct behavior after the fix. We want the next update to be at the first entry of the daily schedule, but tomorrow. The current bug would print out this value as something like: Wed May 06 00:00:00 or similar to indicate midnight. This is not what we want.
* Fixed migration tool to update Tomcat libraries. | Endi S. Dewata | 2015-05-06 | 2 | -7/+44
|   The migration tool has been fixed to update the links to Tomcat libraries in the instance folder to match the current Tomcat version installed on the system.
|
|   https://fedorahosted.org/pki/ticket/1353
* Ticket 1295 Upgrade script for - CA: OCSP via GET does not work | Christina Fu | 2015-05-05 | 2 | -0/+79
|
* Fixed authentication data in audit log. | Endi S. Dewata | 2015-05-05 | 7 | -38/+124
|   The REST methods may be executed by different threads even though they are invoked in the same session. A new interceptor has been added to all subsystems to make sure the SessionContext is created properly for each thread. This will fix the authentication data in the audit log. The SessionContext has also been improved to use ThreadLocal instead of a global Hashtable.
|
|   https://fedorahosted.org/pki/ticket/1054