summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Fixed date format for cert-find parameters.ticket-497-1Endi Sukma Dewata2013-02-042-18/+19
| | | | | | | | All date parameters for cert-find have been modified to use the YYYY-MM-DD date format. Date parsing code in FilterBuilder has been modified not to ignore parsing errors. Ticket #497
* Added interactive subsystem installation.Endi Sukma Dewata2013-02-049-145/+355
| | | | | | | | | | The pkispawn has been modified such that the configuration file and subsystem type are optional. The pkidestroy has been modified such that the instance name and subsystem type are optional. If any of these options are not specified they will enter an interactive mode. Ticket #380
* Fixed getInstallToken() invocation.Endi Sukma Dewata2013-02-043-6/+8
| | | | | | | The configuration code has been modified to use the REST interface to get the installation token and ignore CA cert validation errors. Ticket #476
* Session-based nonces.Endi Sukma Dewata2013-02-0416-238/+258
| | | | | | | | | | | | | | | | | | | | | | | Previously nonces were stored in a global map which might not scale well due to some issues: 1. The map uses the nonces as map keys. There were possible nonce collisions which required special handling. 2. The collision handling code was not thread safe. There were possible race conditions during concurrent modifications. 3. The map was shared and size limited. If there were a lot of users using the system, valid nonces could get pruned. 4. The map maps the nonces to client certificates. This limits the possible authentication methods that can be supported. Now the code has been modified such that each user has a private map in the user's session to store the nonces. Additional locking has been implemented to protect against concurrent modifications. The map now uses the target of the operation as the map key, eliminating possible collisions and allowing the use of other authentication methods. Since this is a private map, it's not affected by the number of users using the system. Ticket #474
* Merged cert-request-review/approve commands.Endi Sukma Dewata2013-02-045-99/+142
| | | | | | | The cert-request-approve has been merged into cert-request-review to ensure that these operations are executed in the same session. Ticket #474
* Bug 903401 - TMS: RSA token enrollment failed : public key decode errorChristina Fu2013-01-262-12/+22
|
* Fixed CLI 'cert-find' clientAuth FQDN hostname issueMatthew Harmsen2013-01-253-10/+92
| | | | * TRAC Ticket #488 - Dogtag 10: Fix CLI 'cert-find' clientAuth issue
* Ticket 419 - REST interface for cert requestsAde Lee2013-01-223-0/+151
|
* https://fedorahosted.org/pki/ticket/362 RFE: CMC ECCChristina Fu2013-01-1514-390/+871
|
* Trac Ticket 481 - Build pki-core 10.0.1Ade Lee2013-01-154-12/+37
|
* Added LDAP exception converter.Endi Sukma Dewata2013-01-152-3/+50
| | | | | | | A utility class has been added to convert LDAP exceptions into PKI exceptions. Ticket #191, #214
* Added nonce validation for certificate revocation.Endi Sukma Dewata2013-01-1510-66/+166
| | | | | | | The certificate REST service has been modified to validate nonce when revoking a certificate. Ticket #213
* Resolved Trac Ticket 367 - pkidestroy does not remove connectorAde Lee2013-01-1522-111/+1064
| | | | | | | | | | | * Added RESTful servlet to add/remove a KRA connector from the CA. * Modified ACL to allow KRA subsystem user to remove connector. * Modified connector code to allow the connector to be replaced without a server restart. * Added functionality to pki CLI to add/remove connector * Added code to pkidestroy to remove the connector (using both pki CLI and sslget) When the issues with pki connection are resolved, we will use that method instead. * Modified sslget to accept HTTP return codes != 200. In this case, we were returning 204 - which is perfectly legitimate.
* Added third-party license fileMatthew Harmsen2013-01-102-1/+66
| | | | * TRAC Ticket #430 - License for 3rd party code
* Bug 839426 - [RFE] ECC CRL support for OCSPChristina Fu2013-01-091-1/+23
|
* Fix spec file to allow f17 to work with latest tomcatjssAde Lee2013-01-081-2/+2
|
* Increase root CA validity to 20 yearsAde Lee2013-01-074-5/+5
| | | | Trac Ticket #466
* Use tomcatjss 7.1.0 and fix weird errno=0 exceptionMatthew Harmsen2013-01-076-10/+71
| | | | | | * TRAC Ticket #469 - Dogtag 10: Fix tomcatjss issue in pki-core.spec and dogtag-pki.spec . . . * TRAC Ticket #468 - pkispawn throws exception
* Ticket 191 - Mapping HTTP Exception to their proper HTTP error codesAbhishek Koneru2013-01-0420-162/+333
|
* TRAC Ticket #271 - Dogtag 10: Fix 'status' command in 'pkidaemon' . . .Matthew Harmsen2012-12-192-31/+183
|
* fix typo in default.cfgAde Lee2012-12-191-1/+1
|
* Man page addition for parameter pki_client_admin_cert_p12Ade Lee2012-12-191-0/+4
|
* Make admin cert p12 file location configurableAde Lee2012-12-193-61/+18
| | | | | Ticket 437. Also moved a bunch of client path parameters to default.cfg template file.
* pkispawn modified to not relabel when selinux is disabledAde Lee2012-12-193-2/+25
| | | | Ticket 393
* Punctuation and formatting changes in man pagesAde Lee2012-12-184-78/+93
| | | | Changes provided by Deon Lackey.
* Revert to using default config file for pkidestroyAde Lee2012-12-183-12/+2
| | | | | | | | Previously, we archived the default config file when an instance was created, and used that file in running pkidestroy. We plan to replace this mechanism in favor of actually reading the instance's config files. For now, we return to using the standard default config template, so that we can change it without breaking pkidestroy.
* Hardcode setting of resteasy-lib for instanceAde Lee2012-12-183-5/+4
| | | | | | | | | | Tomcat in f17 expects the file under /etc/sysconfig/foo to be a set of environment variables being set, and parses it that way. We recently added some logic to source the global pki.conf file. This works in f18, but breaks instance startup in f17. While this works in f18, its an indication that we are using the tomcat config file incorrectly. Reverting to hardcoding resteasy lib.
* interpolate more pathsAde Lee2012-12-184-250/+63
|
* interpolated jarsAde Lee2012-12-182-300/+94
|
* interpolation for paths part 1Ade Lee2012-12-182-139/+73
|
* Removed duplicate pki_instance_id parameter.Ade Lee2012-12-186-76/+71
| | | | Ticket 435
* Replace file dependencies with package dependenciesAde Lee2012-12-181-6/+8
| | | | Ticket 306
* Updated pki-core spec file to 10.0.0-2Ade Lee2012-12-101-1/+4
|
* More edits to man pages including spell checking provided via 'aspell'.Matthew Harmsen2012-12-104-128/+163
|
* fix typo in spec fileAde Lee2012-12-071-1/+1
|
* Update to rc1 buildAde Lee2012-12-0715-73/+39
|
* Revised 'pki_default.cfg5' man page.Matthew Harmsen2012-12-071-18/+179
|
* Added more detail to man page for pki(1)Ade Lee2012-12-071-27/+171
|
* Added man pages.Matthew Harmsen2012-12-067-1/+545
| | | | | * TRAC Ticket #315 - Man pages for pkispawn/pkidestroy. * Added place-holders for 'pki.1' and 'pki_default.cfg.5' man pages.
* Remove server code from CertSearchRequestAde Lee2012-12-074-312/+337
| | | | Ticket #418
* Parameterizing RESTEasy paths.Endi Sukma Dewata2012-12-0620-188/+132
| | | | | | | | | The paths to RESTEasy jar files have been modified such that it can be configured globally at build time using the spec file to support different distributions, and at deployment time using a system-wide configuration in /etc/pki/pki.conf. Ticket #422, #423.
* number verificationAndrew Wnuk2012-12-064-6/+30
| | | | | | This patch improves number verification. Bug 864397.
* Implemented ability to utilize an external CAMatthew Harmsen2012-12-068-64/+148
| | | | * TRAC Ticket #231 - Dogtag 10: Update PKI Deployment to handle external CA
* Latest TPS memory related fixes.Jack Magne2012-12-063-292/+400
|
* Modified section on sample.cfgAde Lee2012-12-051-1/+1
|
* Archiving default deployment configuration.Endi Sukma Dewata2012-12-0410-138/+206
| | | | | | | | | | | The default deployment configuration has been renamed and moved to /etc/pki/default.cfg to make it more accessible to users. The pkispawn has been modified to archive the default deployment configuration along with the user-provided configuration in the registry. The pkidestroy will now use both archived configuration files to ensure proper removal of the subsystem. Ticket #399
* Run restorecon on top-level log directoryNathan Kinder2012-12-041-0/+1
| | | | | | | | | | | We currently run a restorecon on the instance log directory, but not on the top level log directory. Restorecon is required for the top level log directory since pkispawn creates it. Without running a restorecon, it gets the label of the parent directory (var_log_t) instead of consulting the fcontext rule in the base policy and using pki_var_log_t. Ticket #431
* Interpolation correction patch based on review commentsAde Lee2012-12-045-75/+57
|
* Use interpolation to build default parametersAde Lee2012-12-045-754/+139
| | | | | | This patch replaces the code in pkiparser with defaults that are built up using ConfigParser interpolation. The patch gets most (but not all) default parameters.
* I18n for ProfileList.template.Endi Sukma Dewata2012-12-036-38/+96
| | | | | | | | | | | | | The messages in ProfileList.template in CA EE has been extracted into a properties file which can be translated separately. The original messages in the template have been marked as follows: <span class="message" name="...key...">...message...</span> When the page is loaded into the browser, the original message will be replaced with the translated messages. Ticket #406
generated by cgit (git 2.34.1) at 2024-04-19 20:02:37 +0000