Commit message | Author | Age | Files | Lines
* Fixed pki help CLI. | Endi S. Dewata | 2015-07-02 | 13 | -6/+148
| A new findModules() method has been added to the CLI class to find the list of modules handling a command. The list will be used by the pki help CLI to find the proper man page for the specified command.
* Unable to select ECC Curves from EE fix. | Jack Magne | 2015-07-02 | 1 | -1/+80
| Ticket #1446: Without the crypto object, the user is now presented with a very bare bones keygen tag powered UI. One can only select a key strength and only use RSA.
|
| This fix adds simple UI to make better use of the keygen tag:
| 1. Allows the use of ECC.
| 2. Gives simple info on how the key strengths map to RSA key size and ECC curves.
|
| When the user selects High, they get RSA 2043, and ECC nistp384. When the user selects Medium, they get RSA 1024, and ECC nistp256.
* Limited Interactive Installation Support | Matthew Harmsen | 2015-07-02 | 2 | -33/+56
| - PKI TRAC Ticket #1441 - Lack of Interactive Installation Support (Cloning, Subordinates, Externals, HSMs, ECC)
* Fix Pin Reset tokenType resolution. | Jack Magne | 2015-07-01 | 2 | -13/+31
| Ticket #1423 Pin reset operation using tpsclient fails.
|
| Recently we had added a new way to resolve the profile. That new method was not used in the PinReset Processor. This fix addresses that and allows the Pin Reset operation to complete.
* Add GP211 applet and latest GP201 applet for RSA. | Jack Magne | 2015-07-01 | 5 | -43/+34
| Ticket # 793: Add support for Secure Channel Protocol 02
|
| Properly select the coolkey applet in the "getAppletVersion" routine. For some reason the gp211 applet revealed this issue.
|
| Tested to work with both gp211 scp02 card and gp201 scp01 card.
* Ability to toggle profile usability in Web vs CLI tools. | Jack Magne | 2015-07-01 | 1 | -3/+2
| Ticket #1442.
|
| This fix gives the command line enrollment commands the ability to enroll a cert against a profile that has been marked as not visible but "enabled".
|
| With the simple fix the following scenarios tested to work:
|
| The "caUserCert" Profile was marked as not visible, but enabled.
|
| 1. pki -c Secret123 client-cert-request --profile caUserCert uid=jmagne
|    This is the simplest form of user cert enrollment.
|
| 2. pki ca-cert-request-profile-show caUserCert --output testuser.xml
|    pki ca-cert-request-submit testuser.xml
|    The first command gives us the profile's xml file, which after modification is used to enroll.
|
| 3. pki -d ~/.dogtag/pki -c "" -n "PKI Administrator for localdomain" ca-profile-show caUserCert
|    This one shows that we can view the contents of a non visible profile. Listing is not allowed. We felt this appropriate to allow a command line user to get the details of a non visible profile that they know about and want to use.
* Ticket 1438 pkispawn: SSL_ForceHandshake issue for non-CA on HSM on both shared and nonshared tomcat instances | Christina Fu | 2015-07-01 | 1 | -35/+72
* Cleaned up SystemConfigService.configureClone(). | Endi S. Dewata | 2015-07-01 | 2 | -51/+23
| The getCloningData() in SystemConfigService has been renamed to configureClone(). Redundant try-catch blocks have been removed. Some exception messages have been modified to include more info.
* Cleaned up SystemConfigService.validateRequest(). | Endi S. Dewata | 2015-07-01 | 4 | -34/+41
| The configure() in SystemConfigService method has been modified to log only the error message in normal responses but log the full stack trace when unexpected issues occur.
|
| The validateData() in SystemConfigService has been renamed to validateRequest() for clarity. The log messages have been modified to include the invalid values entered in the request.
* Updated pki man page. | Endi S. Dewata | 2015-06-30 | 1 | -0/+25
| The pki man page has been updated to describe results paging parameters.
|
| https://fedorahosted.org/pki/ticket/1122
* Updated pki-cert man page. | Endi S. Dewata | 2015-06-30 | 1 | -0/+67
| The man page for pki-cert has been modified to describe the file format used to specify the search constraints.
|
| https://fedorahosted.org/pki/ticket/995
* Fixed Modutil.is_security_module_registered(). | Endi S. Dewata | 2015-06-29 | 1 | -45/+45
| Due to issues with HSM the Modutil.is_security_module_registered() has been modified to get the list of all registered modules and then use it to check if a module is registered.
|
| https://fedorahosted.org/pki/ticket/1444
* Added subsystem installation status check to | Asha Akkiangady | 2015-06-25 | 36 | -410/+606
| pki ca-user and kra-user tests.
* Fixed selftests log message. | Endi S. Dewata | 2015-06-23 | 15 | -809/+449
| The SelfTestSubsystem has been modified to display a 'successful' message only if all tests have passed. If a test fails, it will log a failure, subsequent tests will not be executed, and the subsystem will shutdown immediately. The runSelfTest() in various tests have been cleaned up to throw the original exception to help troubleshooting. The unused RAPresence test has been removed.
|
| https://fedorahosted.org/pki/ticket/1249
* Added pki kra-user files location to Makefile. | Asha Akkiangady | 2015-06-22 | 1 | -25/+25
|
* Created tests for pki kra-user, ocsp-user, | Asha Akkiangady | 2015-06-22 | 59 | -34/+45119
| tks-user and tps-user. Fixed pki user tests syntax errors.
* Remove ExcludeArch directive | Matthew Harmsen | 2015-06-20 | 4 | -20/+16
|
* Fixed ProxyRealm for Tomcat 8. | Endi S. Dewata | 2015-06-19 | 1 | -0/+5
| The Realm interface has changed in recent Tomcat 8 version. The ProxyRealm class that implements it has been updated accordingly.
* Updated version number to 10.2.6-0.1 | Matthew Harmsen | 2015-06-19 | 7 | -11/+23
|
* Update release number for release build (10.2.5-1) | Matthew Harmsen | 2015-06-19 | 4 | -4/+16
|
* Add profiles schema update file | Fraser Tweedale | 2015-06-19 | 1 | -0/+4
| Dogtag does not yet have a reliable way to update its schema, but FreeIPA does need to add the new schema for LDAP-based profiles during upgrade to 4.2. As a temporary solution until Dogtag can manage its own schema updates (including when deployed as FreeIPA CA), FreeIPA will perform the schema upgrade. Provide a schema file that FreeIPA can use to do this.
* Displaying pkispawn/pkidestroy log file names. | Endi S. Dewata | 2015-06-18 | 2 | -0/+4
| To simplify troubleshooting the pkispawn and pkidestroy have been modified to show the name of the log file used in each run.
* Check security module registration | Matthew Harmsen | 2015-06-18 | 2 | -0/+59
| - PKI TRAC Ticket #1426 - pkispawn of KRA on HSM fails (shared instances)
| - PKI TRAC Ticket #1427 - pkispawn of OCSP on HSM fails (shared instances)
| - PKI TRAC Ticket #1429 - pkispawn of TKS on HSM fails (shared instances)
* Fixed thread leaks during shutdown. | Endi S. Dewata | 2015-06-18 | 36 | -92/+137
| Various codes have been modified to properly stop threads during shutdown. A new ID attribute has been added to the LDAP connection factory classes to help identify leaking threads.
|
| https://fedorahosted.org/pki/ticket/1327
* ticket 867 symkey library path link fix | Christina Fu | 2015-06-18 | 3 | -6/+9
|
* Fixed pkidaemon to show TPS status. | Endi S. Dewata | 2015-06-18 | 3 | -5/+36
| The operations script and the server.xml templates have been modified to display TPS status in pkidaemon.
|
| https://fedorahosted.org/pki/ticket/1278
* Fixed typos in Web UI. | Endi S. Dewata | 2015-06-18 | 2 | -2/+2
|
* Bugzilla Bug #1230970 - Errata TPS tests for rpm verification failed | Matthew Harmsen | 2015-06-17 | 1 | -2/+4
|
* Fix for HSM cloning issue | Matthew Harmsen | 2015-06-17 | 2 | -0/+47
|
* fix pylint issue | Christina Fu | 2015-06-17 | 1 | -2/+2
|
* add pkiuser to nfast group | Matthew Harmsen | 2015-06-16 | 4 | -0/+96
| - PKI TRAC Ticket #1415 - nCipher HSM: Add 'pkiuser' to 'nfast' group
* Startup log message improvements. | Endi S. Dewata | 2015-06-16 | 3 | -9/+96
| The PKIListener has been modified to verify that all subsystems are running and to show the command to enable the subsystem if it was disabled due to errors.
|
| https://fedorahosted.org/pki/ticket/1406
* CRMFPopClient improvements. | Endi S. Dewata | 2015-06-16 | 1 | -12/+33
| The CRMFPopClient has been modified to use the HttpClient library to connect to the server, to show the HTTP status code if an error occurs, and to show the NSS database directory in verbose mode.
* Suppress interactive HSM installation | Matthew Harmsen | 2015-06-16 | 1 | -15/+20
| - PKI TRAC Ticket #1417 - Interactive pkispawn of CA with HSM fails
* Mozilla crypto object warning: | Jack Magne | 2015-06-16 | 2 | -1/+8
| Provide simple textual warning when the user is using a browser that no longer supports the crypto object, which results in reduced CA certificate enrollment functionality. For simplicity provide the warning at the top of the main index page and at the top of the CA's services page. The services page is where the pkispawn of the CA points the users after installation. The ticket originally called for a JS warning but the simple text warning should be less intrusive and repetitive to the user.
|
| Ticket #1398 Provide UI Javascript warning for missing Mozilla Crypto Object in the CA.
* Warning for the main index to tell the user that the crypto object is not available for use in the browser. | Jack Magne | 2015-06-16 | 1 | -0/+8
* Run pylint on upgrade scripts | Christian Heimes | 2015-06-16 | 26 | -45/+48
| pylint-build-scan.sh doesn't check the upgrader's Python files yet. This patch adds the common and server upgrade scripts to pylint-build-scan.sh. It also fixes a couple of pylint violations, mostly missing calls to __init__().
* Make pki group-member-show case insensitive | Christian Heimes | 2015-06-16 | 1 | -2/+2
| Make the memberID argument of getGroupMember() case insensitive. The groupID argument is already case insensitive. The groupID string is used as CN element in an LDAP query, which is case insensitive by definition.
|
| https://fedorahosted.org/pki/ticket/1069
* Add new KRA audit events to KRA's CS.cfg | Christian Heimes | 2015-06-16 | 2 | -0/+76
| The patch implements an updater, that adds the new KRA signed audit events (#1160) to KRA's CS.cfg.
|
| https://fedorahosted.org/pki/ticket/1382
* NPE when modifying profile without 'action' param | Christian Heimes | 2015-06-16 | 1 | -0/+5
| In modifyProfileState check the 'action' query parameter for NULL and raise a BadRequestException when the parameter is not set.
|
| https://fedorahosted.org/pki/ticket/1361
* Update: fix CS.cfg permissions | Fraser Tweedale | 2015-06-16 | 1 | -0/+1
| The 10.2.3/02-FixBindPWPrompt upgrade scriptlet leaves CS.cfg owned by root. chown CS.cfg to the instance owner.
* Upgrade: add scriptlet to fix nuxwdog listener class | Fraser Tweedale | 2015-06-16 | 1 | -0/+36
|
* Upgrade: check file exists before chowning | Fraser Tweedale | 2015-06-16 | 1 | -1/+2
| Dogtag entered a state where an upgrade script failed before it was trying to chown a file that didn't exist. Add a check that the file exists.
* Invoke PKIInstance.load() during upgrade | Fraser Tweedale | 2015-06-16 | 1 | -0/+3
| Some upgrade servlets use attributes loaded when PKIInstance.load() is invoked, but it may not have been; breakage ensues. Invoke it before executing upgrade scriptlets.
* Ticket 1412 Should disable the caCrossSignedCACert and caRACert profile | Christina Fu | 2015-06-15 | 2 | -4/+4
|
* Ticket 1410 Issue with Generic Extension being critical | Christina Fu | 2015-06-15 | 4 | -10/+35
| - patch ported from https://bugzilla.redhat.com/show_bug.cgi?id=1011984
* Added pki user KRA, OCSP, TKS and TPS tests. | Asha Akkiangady | 2015-06-15 | 65 | -2936/+46162
| Modified user CA test scripts to check for subsystem installed status.
* Cleaned up links in main page. | Endi S. Dewata | 2015-06-11 | 7 | -135/+20
| The ROOT's index.jsp has been modified to show the links to all subsystems installed on the instance. When opened, it will show the services provided by the subsystem.
|
| The pkispawn output has been modified to show the subsystem URL more consistently:
|
|   https://<hostname>:<port>/<subsystem>
|
| In all subsystems except TPS the page will redirect to:
|
|   https://<hostname>:<port>/<subsystem>/services
* Remove x86 architecture limitations | Matthew Harmsen | 2015-06-11 | 9 | -158/+5
| - PKI Trac Ticket #1392 - Remove i686/x86_64 architecture
* Changes to directory hierarchy of CA and KRA group tests | Roshni Pattath | 2015-06-11 | 18 | -0/+0
|