Commit message | Author | Age | Files | Lines
* Renamed base/deploy to base/server. | Endi Sukma Dewata | 2013-04-09 | 39 | -8/+12
  The base/deploy folder has been renamed to base/server to match the package name. The pki.conf has been moved into pki-base package. Ticket #553, #564
* Bug 929043 - updated serverCert.profile with SAN results in ↵ | Christina Fu | 2013-04-03 | 5 | -4/+61
  SubjectAltNameExtDefault gname is empty, not added in cert ext during configuration
  Bug 927545 - Transport Cert signing Algorithm doesn't show ECC Signing Algorithms during DRM configuration with ECC
* Separate folder for python deployment engine source code. | Abhishek Koneru | 2013-04-03 | 8 | -29/+29
  Place the python deployment source code and the python deployment scriptlets in two separate folders base/deploy/src/engine and /base/deploy/src/scriptlets in the project. Ticket #521
* Added securitydomain.checkIP parameter | Matthew Harmsen | 2013-04-03 | 1 | -0/+1
  * Bugzilla Bug #947524 - Clone installation does not work over NAT
* Remove pki_backup_password from examples in pkispawn. | Abhishek Koneru | 2013-04-02 | 8 | -15/+0
  Since pki_backup_password depends on pki_backup_keys to be true, it is misleading to mention only pki_backup_password in the man page. It is removed from the examples in the man page. Ticket #465
* Change timeout from number of tries to total time. | Abhishek Koneru | 2013-04-02 | 2 | -7/+8
  Change the current implementation of time out as number of tries to, the total time for trying to get the status of the Tomcat. Ticket #563
* Change calls CMS.AtoB and CMS.BtoA on client side. | Abhishek Koneru | 2013-03-28 | 2 | -7/+7
  The PKCS10Client and CRMFPopClient use the CMS.BtoA and CMS.Atob for encoding and decoding purposes which throws an exception. Instead using the base64decode and the base64encode methods in Utils. Ticket #549
* Remove unnecessary log in pkidestroy. | Abhishek Koneru | 2013-03-27 | 1 | -1/+0
* Bug 824920 - NSCertTypeExtDefault.java incorrectly encodes ↵ | Christina Fu | 2013-03-26 | 1 | -3/+4
  NSCertTypeExtension bits (patch from mpoole)
* Change how the password is passed to pkidestroy. | Abhishek Koneru | 2013-03-26 | 2 | -8/+17
  Removed the -w <security domain password> option for pkidestroy. Added the -W <security domain password file> option which takes a file containing the password as input. It is an optional parameter. Added required information in pkidestroy. Ticket #502
* Handle the Keyboard interrupt gracefully. | Abhishek Koneru | 2013-03-26 | 2 | -0/+16
  Catch the KeyboardInterrupt (Ctrl-C) input during the execution of pkispawn and pkidestroy and display a proper message to user rather than a stacktrace. Ticket #536
* Add information about interactive mode in pkispawn. | Abhishek Koneru | 2013-03-25 | 2 | -4/+91
  Updated pkispawn/pkidestroy manpages with the steps involved during the Interactive mode installation. A brief description of all the parameters asked during the installation is provided. Ticket #471
* Bug 904289 - Add ECC Support to Certificate Profiles | Christina Fu | 2013-03-25 | 15 | -25/+28
* Bug 902952 - RFE: Revocation routing with TPS and multiple non-cloned CAs | Christina Fu | 2013-03-24 | 8 | -27/+420
* Minor fixes to pkispawn man page. | Abhishek Koneru | 2013-03-22 | 8 | -3/+101
  Updating the sample configuration file entries in default CA and subordinate CA installation. Added sample configuration files for each installation type mentioned in the man page. Tickets #509, #525
* Added CLI option to capture HTTP messages. | Endi Sukma Dewata | 2013-03-22 | 2 | -5/+122
  A new option has been added to the CLI to capture HTTP requests and responses and store them in the specified folder. Ticket #523
* Fixed JSON encoding class registration. | Endi Sukma Dewata | 2013-03-21 | 1 | -5/+3
  The class registration for JSON encoding has been moved after the class definitions to avoid problems. Ticket #532
* Adding changes to pki-core.spec file so that the system wide | Abhishek Koneru | 2013-03-21 | 1 | -1/+3
  configuration file, /etc/pki/pki.conf does not get replaced on upgrade, if edited on the disk and the user's configurations are not lost. Ticket #507
* Refactor installation code to remove dependency on jython | Ade Lee | 2013-03-21 | 25 | -972/+890
  Connection is now made to the installation servlet through a python client using JSON. The code to construct the ConfgurationRequest and parse the results has been moved to pkihelper.py, and configuration.py no longer calls a separate jython process to create the Configuration object and parse the results. The jython code has therefore been removed. Also added status servlet to other java subsystems, to be tested prior to starting configuration. Trac Ticket 532
* Replaced Tomcat's random number generator. | Endi Sukma Dewata | 2013-03-19 | 7 | -6/+69
  By default Tomcat relies on /dev/random as a random number generator to generate the session ID's. Under certain conditions /dev/random may block, which will block Tomcat as well. To solve the problem all webapps in Tomcat have been configured to use the random number generator provided by JSS. Ticket #524
* Fixed python-requests compatibility issue. | Endi Sukma Dewata | 2013-03-19 | 2 | -3/+7
  The Python REST client has been modified to parse JSON data using a method that is compatible with python-requests 1.1. The RPM spec file has been modified to require python-requests 1.1 package. Ticket #535
* Added python build-time dependency for TPS and RA. | Endi Sukma Dewata | 2013-03-13 | 2 | -2/+10
  Due to recent CMake script changes, TPS and RA now require python to build properly. Ticket #540
* Fixed CLI return code. | Endi Sukma Dewata | 2013-03-13 | 1 | -1/+5
  The Perl wrapper for CLI has been fixed to pass the error code returned by Java clients. Ticket #520
* Bugzilla Bug #919476 - pkispawn crashes due to dangling symlink to jss4.jar | Matthew Harmsen | 2013-03-11 | 2 | -8/+4
  * Additional fix for Fedora 19+
* Plug resource leaks | Ade Lee | 2013-03-08 | 70 | -702/+692
* Bugzilla Bug #919476 - pkispawn crashes due to dangling symlink to jss4.jar | Matthew Harmsen | 2013-03-08 | 4 | -10/+23
* Added security domain info validation. | Endi Sukma Dewata | 2013-03-07 | 11 | -61/+244
  The installer script has been modified to validate security domain info in both interactive and silent installation. A basic Python API has been added to access the REST interface. Ticket #473
* Added DS info validation. | Endi Sukma Dewata | 2013-03-07 | 3 | -22/+126
  The installer script has been modified to validate DS info in both interactive and silent installation. Ticket #472
* Patch to escape interpolations for parameters having '%' in their values. | Abhishek Koneru | 2013-03-07 | 1 | -0/+2
  Ticket #493 - Changes done to bypass interpolation for using a % as part of a value. All occurrences of % will be replaced by a %% in interactive pkispawn/pkidestroy. If a file is passed, then the values with a '%' need to have an escape character %
* Clean up various eclipse warnings | Ade Lee | 2013-03-07 | 23 | -164/+60
* Added cert-request-show command. | Endi Sukma Dewata | 2013-03-07 | 5 | -26/+97
  A new cert-request-show command has been added to allow EE users to check certificate request status. Ticket #511
* PKI theme changes | Matthew Harmsen | 2013-03-05 | 6 | -43/+66
  * Correct PKI Theme for RA and TPS:
    ** TRAC Ticket #517 - Clean up theme dependencies
  * Make PKI Theme optional for CA, KRA, OCSP, TKS:
    ** Bugzilla Bug #916134 - unresolved dependency in pki-server: pki-server-theme
    ** TRAC Ticket #518 - Remove UI dependencies from pkispawn . . .
* Added authentication method validation. | Endi Sukma Dewata | 2013-02-19 | 25 | -44/+284
  A new mechanism has been added to specify the authentication methods that can be used to invoke the REST methods. The AuthMethodMapping annotation maps each REST method to a list of allowed authentication methods. When a client calls a REST method, the AuthMethodInterceptor will intercept the call and verify that the client uses an allowed authentication method. Most REST methods that require authentication have been configured to require client certificate authentication. Authentication using username and password will only be used to get the installation token from security domain. Ticket #477
* Added CLI to manage user membership. | Endi Sukma Dewata | 2013-02-18 | 21 | -311/+1158
  New CLI's have been added to search, add, and remove user membership. The group member management code has been refactored into a processor to allow reuse. Ticket #190
* Added certificate status option for cert-find. | Endi Sukma Dewata | 2013-02-12 | 3 | -0/+33
  The cert-find command has been modified to provide an option to search by certificate status. Ticket #501
* Change pkidestroy to get an install token and use admin interface to update | Ade Lee | 2013-02-11 | 5 | -144/+257
  security domain.
* Add updateDomainXML to admin interface | Ade Lee | 2013-02-11 | 3 | -23/+102
* move updateNumberRange to admin interface | Ade Lee | 2013-02-11 | 3 | -51/+61
* remove unneeded getTokenInfo servlet | Ade Lee | 2013-02-11 | 4 | -71/+0
* Fix get cert chain to use admin port only | Ade Lee | 2013-02-11 | 2 | -3/+11
* Additional output attributes for cert-find. | Endi Sukma Dewata | 2013-02-07 | 4 | -17/+213
  The cert-find command has been modified to include some additional attributes including certificate type and version, key algorithm name and length, validity dates, creation time and issuer. Ticket #498
* Fixed validity duration options for cert-find. | Endi Sukma Dewata | 2013-02-07 | 3 | -33/+66
  The cert-find command has been fixed to show better error messages on missing validity duration options. The validity duration unit has been changed to take "day", "week", "month", or "year" and convert it into milliseconds. Ticket #291, #500
* Fixed conflicting security domain hosts. | Endi Sukma Dewata | 2013-02-07 | 4 | -45/+69
  The SecurityDomainProcessor has been modified to generate the host ID from the subsystem type, hostname, and secure port instead of relying on the user-configurable SubsystemName attribute. Ticket #503
* Fixed date format for cert-find parameters. | Endi Sukma Dewata | 2013-02-07 | 2 | -18/+19
  All date parameters for cert-find have been modified to use the YYYY-MM-DD date format. Date parsing code in FilterBuilder has been modified not to ignore parsing errors. Ticket #497
* Added interactive subsystem installation. | Endi Sukma Dewata | 2013-02-04 | 9 | -145/+355
  The pkispawn has been modified such that the configuration file and subsystem type are optional. The pkidestroy has been modified such that the instance name and subsystem type are optional. If any of these options are not specified they will enter an interactive mode. Ticket #380
* Fixed getInstallToken() invocation. | Endi Sukma Dewata | 2013-02-04 | 3 | -6/+8
  The configuration code has been modified to use the REST interface to get the installation token and ignore CA cert validation errors. Ticket #476
* Session-based nonces. | Endi Sukma Dewata | 2013-02-04 | 16 | -238/+258
  Previously nonces were stored in a global map which might not scale well due to some issues:
  1. The map uses the nonces as map keys. There were possible nonce collisions which required special handling.
  2. The collision handling code was not thread safe. There were possible race conditions during concurrent modifications.
  3. The map was shared and size limited. If there were a lot of users using the system, valid nonces could get pruned.
  4. The map maps the nonces to client certificates. This limits the possible authentication methods that can be supported.
  Now the code has been modified such that each user has a private map in the user's session to store the nonces. Additional locking has been implemented to protect against concurrent modifications. The map now uses the target of the operation as the map key, eliminating possible collisions and allowing the use of other authentication methods. Since this is a private map, it's not affected by the number of users using the system. Ticket #474
* Merged cert-request-review/approve commands. | Endi Sukma Dewata | 2013-02-04 | 5 | -99/+142
  The cert-request-approve has been merged into cert-request-review to ensure that these operations are executed in the same session. Ticket #474
* Bug 903401 - TMS: RSA token enrollment failed : public key decode error | Christina Fu | 2013-01-26 | 2 | -12/+22
* Fixed CLI 'cert-find' clientAuth FQDN hostname issue | Matthew Harmsen | 2013-01-25 | 3 | -10/+92
  * TRAC Ticket #488 - Dogtag 10: Fix CLI 'cert-find' clientAuth issue