Commit message | Author | Age | Files | Lines
...
* remove more inaccessible URLs from server.xml | Matthew Harmsen | 2015-08-07 | 4 | -16/+12
|   - PKI TRAC Ticket #1443 - pkidaemon status tomcat list URLs under PKI subsystems which are not accessible
|   - PKI TRAC Ticket #1518 - OCSP ee url returned by pkidaemon status tomcat shows an error page
* Ticket 1531 Directory auth plugin requires LDAP anonymous binds | Christina Fu | 2015-08-07 | 6 | -12/+131
|   - This patch adds a feature to allow a directory based authentication plugin
|     to use bound ldap connection instead of anonymous.
|     Two files need to be edited
|     1. <instance>/conf/password.conf
|        add a "tag" and the password of the binding user dn to the file
|        e.g.
|        externalLDAP=password123
|     2. <instance>/ca/CS.cfg
|        add the tag to cms.passwordlist:
|        e.g.
|        cms.passwordlist=internaldb,replicationdb,externalLDAP
|        add the authPrefix of the auths entry for the authentication instance
|        e.g.
|        externalLDAP.authPrefix=auths.instance.UserDirEnrollment
|        add relevant entries to the authentication instance
|        e.g.
|        auths.instance.UserDirEnrollment.ldap.ldapBoundConn=true
|        auths.instance.UserDirEnrollment.ldap.ldapauth.authtype=BasicAuth
|        auths.instance.UserDirEnrollment.ldap.ldapauth.bindDN=uid=rhcs,ou=serviceaccounts,dc=EXAMPLE,dc=com
|        auths.instance.UserDirEnrollment.ldap.ldapauth.bindPWPrompt=externalLDAP
* Added in commented out 'javac' command-line options such as "-g" debugging | Matthew Harmsen | 2015-08-05 | 1 | -0/+3
|
* Fixed missing cert request hostname and address. | Endi S. Dewata | 2015-08-05 | 7 | -47/+46
|   The CA services have been modified to inject request hostname and
|   address into the certificate request object such that they will be
|   stored in the database. This fixes the problem with requests
|   submitted either via the UI or the CLI.
|
|   An unused method in CertRequestResource has been removed. Some
|   debug messages have been cleaned as well.
|
|   https://fedorahosted.org/pki/ticket/1535
* remove extra space from Base 64 encoded cert displays | Matthew Harmsen | 2015-07-31 | 6 | -18/+18
|   - PKI TRAC Ticket #1522 - CA UI adds extra space in Base 64 encoded certificate display
* Add code to reindex data during cloning without replication | Ade Lee | 2015-07-31 | 16 | -32/+243
|   When setting up a clone, indexes are added before the
|   replication agreements are set up and the consumer is initialized.
|   Thus, as data is replicated and added to the clone db, the
|   data is indexed.
|
|   When cloning is done with the replication agreements already set
|   up and the data replicated, the existing data is not indexed and
|   cannot be accessed in searches. The data needs to be reindexed.
|
|   Related to ticket 1414
* Firefox warning | Jack Magne | 2015-07-31 | 3 | -15/+7
|   Ticket #1523
|
|   Move the dire warning about the crypto object to sections where it applies.
|   Also slightly changed the message due to context.
* Add certutil options for ECC | Matthew Harmsen | 2015-07-28 | 5 | -5/+38
|   - PKI TRAC Ticket #1524 - pkispawn: certutil options incorrect for creating ecc admin certificate
* op.format.externalRegAddToToken.revokeCert parameter missing in TPS CS.cfg. | Jack Magne | 2015-07-28 | 1 | -0/+1
|   It is true that this setting is not present. The generic code that revokes
|   certs for a format checks this value.
|
|   No harm in putting this value in the CS.cfg and setting it to false by
|   default for the externalRegAddToToken profile.
|
|   No harm in giving the user the way to use this feature, even if we decide
|   it is not a good idea to revoke certs associated with the external reg feature.
* Ticket 1307 issue: FilterMappingResolver always returns target | Christina Fu | 2015-07-28 | 2 | -7/+12
|
* TPS UI: After successful key upgrade during pin reset operation the token db ↵ | Jack Magne | 2015-07-28 | 1 | -0/+15
|   still shows old key
|
|   Simple matter of not updating the token record at the end of the pin reset operation.
|   Also, make sure the activity log is correct.
* Remove noise file generation code | Ade Lee | 2015-07-28 | 2 | -64/+19
|   Noise file does not actually need to have random data because
|   NSS does not actually use this data. Certutil still needs the
|   file though, so we will put dummy data in there.
|
|   This solves potential problems with the random() method used
|   and also issues like BZ 1244382
* Fixed previous patch by ALWAYS including 'policycoreutils-python' regardless | Matthew Harmsen | 2015-07-24 | 1 | -4/+2
|   of platform.
* Fix code to add replicationdb password unless already present | Ade Lee | 2015-07-24 | 1 | -1/+1
|   The replicationdb password is an instance parameter and should be
|   created by the first subsystem in the instance. This should happen
|   independently of whether replication is being set up in case it is
|   needed to set up replication (as a master) later.
|
|   Related to Ticket 1414
* Please depend on policycoreutils-python-utils | Matthew Harmsen | 2015-07-24 | 1 | -1/+12
|   - Bugzilla Bug #1246620 - [PATCH] Please depend on policycoreutils-python-utils [Fedora 23 and later - tradej]
* Fixed ObjectNotFoundException in PKCS12Export. | Endi S. Dewata | 2015-07-20 | 1 | -6/+6
|   The PKCS12Export has been fixed to handle ObjectNotFoundException
|   when exporting certificates without private keys.
|
|   https://fedorahosted.org/pki/ticket/1506
* Updated version number to 10.2.7-0.1 | Matthew Harmsen | 2015-07-18 | 7 | -11/+23
|
* Merge branch 'master' of ssh://git.fedorahosted.org/git/pki | Matthew Harmsen | 2015-07-18 | 0 | -0/+0
|\
| * Update release number for release build (10.2.5-1) | Matthew Harmsen | 2015-07-18 | 4 | -4/+16
| |
* | Update release number for release build (10.2.6-1) | Matthew Harmsen | 2015-07-18 | 4 | -4/+16
|/
* Added pki-tps-profile man page. | Endi S. Dewata | 2015-07-18 | 6 | -28/+189
|   A new man page has been added for the pki tps-profile CLI. The
|   CLI has been modified to refer to the new man page. Some other
|   man pages have been cleaned up as well.
|
|   https://fedorahosted.org/pki/ticket/1271
* Updated man pages with TPS info. | Endi S. Dewata | 2015-07-18 | 3 | -30/+178
|   The man pages for pkispawn and pki_default.cfg have been updated
|   to include TPS deployment parameters.
|
|   https://fedorahosted.org/pki/ticket/1277
* Updated man page for configuring secure LDAP connection. | Endi S. Dewata | 2015-07-18 | 1 | -36/+77
|   The instruction to setup secure LDAP connection in the pkispawn
|   man page has been updated. The sample deployment configuration
|   file has been made more generic. The setup-ds.pl has been removed
|   from the instruction since generating a self-signed certificate
|   requires a DS admin server. The URL to download setupssl2.sh has
|   been changed with a more direct link. The sample LDAP password
|   has been changed to match the current deployment configuration
|   examples.
|
|   Some paragraphs have been line wrapped to simplify man page
|   development.
* Added 'pkidaemon' man page. | Matthew Harmsen | 2015-07-17 | 2 | -0/+305
|
* Added pki-audit man page. | Endi S. Dewata | 2015-07-17 | 3 | -2/+113
|   A new man page has been added for the pki <subsystem>-audit CLI.
|   Due to database upgrade issue the command is currently only
|   available in TPS.
|
|   https://fedorahosted.org/pki/ticket/1437
* Removed audit CLI from non-TPS subsystems. | Endi S. Dewata | 2015-07-17 | 13 | -39/+13
|   Due to database upgrade issue the pki <subsystem>-audit CLI has
|   been removed from all subsystems except TPS.
|
|   The AuditModifyCLI has been modified to clarify that the --action
|   and the --input parameters are mutually exclusive.
|
|   https://fedorahosted.org/pki/ticket/1437
* Remove 'setup' directory containing remaining Perl routines | Matthew Harmsen | 2015-07-17 | 7 | -4389/+5
|   - PKI TRAC Ticket #1492 - remove pki-proxy-setup
* Document workaround for 1454 in 'pkispawn' man page. | Jack Magne | 2015-07-17 | 1 | -1/+18
|   Ticket #1486.
* Removed hard-coded /root in pkispawn man page. | Endi S. Dewata | 2015-07-17 | 1 | -5/+6
|   The /root in pkispawn man page has been replaced with a more
|   generic $HOME.
|
|   An incorrect /root in the following example has been removed:
|
|     semanage -a -t pki_tomcat_cert_t /root/backup_keys.p12
* TPS add phone home URLs to pkidaemon status message. | Jack Magne | 2015-07-16 | 9 | -1316/+120
|   Ticket # 1466.
|
|   Also remove some needless copies of server.xml from the code.
* Updated pkispawn man page. | Endi S. Dewata | 2015-07-16 | 1 | -103/+302
|   The pkispawn man page has been updated to clarify the section
|   headers of various deployment scenarios. Some paragraphs have
|   been line wrapped to simplify man page development.
|
|   The existing sample password has been replaced with another
|   password that does not match a parameter name to simplify search
|   and replace for customization.
* Fix exception when talking to dogtag 9 systems | Ade Lee | 2015-07-16 | 1 | -6/+3
|   When getting a token from the security domain for a Dogtag 9
|   system, we first attempt to reach the REST interfaces. When this
|   fails (with 404 exception), we catch the exception and try the
|   old interfaces.
|
|   The exception being thrown has been changed from the deprecated
|   ClientResponseFailure to being wrapped in a PKIException, so the
|   code catching the exception needs to be modified accordingly.
|
|   Ticket 1495
* Added man pages for pki-server | Ade Lee | 2015-07-16 | 6 | -0/+434
|   Trac ticket 1356
* Create pkiuser user and group during installation | Christian Heimes | 2015-07-15 | 1 | -0/+19
|   The group 'pkiuser' and user 'pkiuser' are now created during the
|   installation of the pki-server package.
|
|   https://fedorahosted.org/pki/ticket/1468
* Handle JSON decode error in handle_exceptions() | Christian Heimes | 2015-07-15 | 4 | -11/+97
|   pki.handle_exceptions() raises a JSON decode exception when the body of
|   the HTTPException is not a valid JSON string. The JSON exception hides
|   the true error message.
|
|   The patch also fixes a bug in PKIException.from_json(). The code and
|   ClassName attribute are now correctly set. Finally we have our first
|   unit test.
|
|   https://fedorahosted.org/pki/ticket/1488
|   https://fedorahosted.org/freeipa/ticket/5129
* Fixed PKCS12Export output. | Endi S. Dewata | 2015-07-15 | 2 | -207/+265
|   The PKCS12Export has been modified such that if an error occurs
|   in normal mode it will display the error message and in debug
|   mode it will display the full stack trace.
|
|   The code has also been refactored such that it can be reused as a
|   library in addition to command-line tool. The code will now throw
|   exceptions instead of exiting to the system.
|
|   https://fedorahosted.org/pki/ticket/1224
* Fixed cert-find performance. | Endi S. Dewata | 2015-07-15 | 4 | -69/+130
|   The CertService.searchCerts() has been modified to use the VLV
|   properly to retrieve just the entries in the requested page, thus
|   reducing the response time and memory requirement.
|
|   Some classes have been modified to clean up the debugging logs.
* Renamed deprecated pylint 'disable-msg' to 'disable'. | Matthew Harmsen | 2015-07-14 | 1 | -1/+1
|
* Man page updates for cloning | Ade Lee | 2015-07-14 | 1 | -6/+41
|   Ticket 1076
* Disable 'W1401' anomalous-backslash-in-string pylint warning for regex | Matthew Harmsen | 2015-07-13 | 1 | -0/+1
|   expressions used by system call to 'sed'.
* Ticket 1459 Dogtag clients cannot connect when CS is configured with ECC | Christina Fu | 2015-07-13 | 6 | -1/+69
|   clients are: cli, HttpClient, and java console
* ecc Console - 1. clean up the tabs in the JSSConnection constructor | Christina Fu | 2015-07-13 | 1 | -45/+45
|
* remove inaccessible URLs from server.xml | Matthew Harmsen | 2015-07-13 | 4 | -6/+44
|   - PKI TRAC Ticket #1443 - pkidaemon status tomcat list URLs under PKI subsystems which are not accessible
* Fixed NPE during key-retrieve. | Endi S. Dewata | 2015-07-13 | 3 | -105/+125
|   Keys archived through the KRA connector in CA have null data type
|   attribute which causes a NPE during retrieval using the
|   key-retrieve CLI. The SecurityDataRecoveryService has been
|   modified to consider null data type attribute as asymmetric key
|   type.
|
|   The KeyRetrieveCLI and KeyService have been modified to generate
|   better debugging messages to help troubleshooting.
|
|   https://fedorahosted.org/pki/ticket/1481
* Add details on exporting and importing system certs when cloning. | Ade Lee | 2015-07-13 | 1 | -1/+16
|   Trac ticket 852, 853
* Ticket 1414: Add documentation of pki_clone_setup_replication | Ade Lee | 2015-07-13 | 1 | -1/+5
|
* pkispawn man page ECC example | Matthew Harmsen | 2015-07-10 | 1 | -0/+34
|   - PKI TRAC Ticket #1460 - Add 'pkispawn' man page example for ECC
* In-tree tests and linting with tox | Christian Heimes | 2015-07-10 | 7 | -28/+194
|   Before the patch it wasn't possible to run pylint outside a RPM build.
|   The Python sources were split into common and server files in two
|   separate trees. With setup.py and tox the pki package can now be
|   installed and tested in a virtual env.
|
|   Tox enables developers to automate installation and testing in Python
|   virtual environment. The new tox.ini performs several tasks with one
|   command:
|
|   * It creates and installs a source distribution of pki packages and its
|     command line scripts
|   * It verifies that all CLI scripts can be executed (using its --help
|     argument).
|   * It runs pylint on all Python files and CLI scripts.
|   * It can run flake8 on all Python and CLI files (disabled for now).
|   * Finally it builds Sphinx autodocs.
|
|   I had to delay the root check in pkispawn and pkidestroy and modify two
|   files to get rid of Sphinx warnings.
|
|   https://fedorahosted.org/pki/ticket/696
|   http://tox.readthedocs.org
* The man page for tpsclient does not exist. | Jack Magne | 2015-07-09 | 4 | -10/+152
|   Ticket #1629
|
|   Provide a man page for the tool "tpsclient".
* Fixed user-cert-add --serial with remote CA. | Endi S. Dewata | 2015-07-09 | 9 | -238/+396
|   The user-cert-add command has been modified to ask the user for
|   the CA server URI if the CA is not available locally.
|
|   A new SubsystemClient.exists() method has been added to check
|   whether a subsystem is deployed on the target instance.
|
|   The SubsystemCLI has been modified to call logout() only if
|   the operation is executed successfully.
|
|   The certificate approval callback class has been refactored out
|   of PKIConnection into a separate class to clean up circular
|   dependency with PKIClient.
|
|   https://fedorahosted.org/pki/ticket/1448