| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
The REST methods may be executed by different threads even though
they are invoked in the same session. A new interceptor has been
added to all subsystems to make sure the SessionContext is created
properly for each thread. This will fix the authentication data in
the audit log. The SessionContext has also been improved to use
ThreadLocal instead of a global Hashtable.
https://fedorahosted.org/pki/ticket/1054
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Tickets #1294, #1058
The patch does the following:
1. Allows an OCSP clone to actually install and operate.
It also sets a param appropriate for an OCSP clone. Ticket #1058
The controversial part of this one is the fact that I have disabled
having OCSP clones register themselves to the CA as publishing target.
The master is already getting the updates and we rely upon replication
to keep the clones updated. The current downside is the master is on an
island with respect to updates and could be considered a single point of failure.
Thus my proposal for this simple patch is to get the OCSP clone working as in existing
functionality. Then we come back and propose a ticket to allow the installer OCSP clones
to set up the publishers in such a way that all clones and master are registered, but when
it is actually time to publish, the CRL publisher has the smarts to know that members of a
clone cluster are in a group and the first successfull publish should end the processing of
that group.
2. Allows the CA clone to set some params to disable certain things that a clone should not do.
This was listed as a set of misc post install tasks that we are trying to automate.
Code tested to work.
1. OCSP clones can be installed and the CRL were checked to be in sync when an update occured to the master.
2. The CA clone has been seen to have the required params and it looks to come up just fine.
Final review minor changes to tickets, 1294, and 1058.
|
| |
|
|
|
| |
Ports are already set when deploying into an existing instance.
Having a user re-enter these is repetitious and error prone.
|
| |
|
|
|
| |
When second subsystem is installed, serverCertNick.conf and other top level
tomcat config files should not be replaced.
|
| |
|
|
|
| |
All subsystems are now tomcat instances. Conditionals based on
whether the subsystem is a tomcat instance or not are no longer required.
|
| | |
|
| |
|
|
|
| |
This allows PKI server to be loaded with nuxwdog library when
java security policy is enabled.
|
| |
|
|
|
|
| |
This adds the ability to either enable or disable an instance using
the pki-server utility. Additional documentation and additions to the
man pages will be added in a separate patch.
|
| |
|
|
|
| |
written to env.sh and CA pki user clis check for
CA install status before execution.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
The deployment tool has been modified to deploy the pki.xml only
if the theme package is installed.
https://fedorahosted.org/pki/ticket/499
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
- PKI TRAC Ticket #1296 - RHCS 9.0 theme
|
| |
|
|
|
|
|
|
| |
The deployment tool has been modified to deploy the theme files
directly from /usr/share/pki. New deployment descriptors have been
added for admin templates and JS library.
https://fedorahosted.org/pki/ticket/499
|
| | |
|
| |
|
|
| |
https://fedorahosted.org/pki/ticket/1296
|
| |
|
|
|
|
| |
Recent change (d83f688) changed the order of profile enumeration.
Track profiles using a LinkedHashMap to restore old behaviour where
profiles were enumerated in the order they were discovered.
|
| | |
|
| |
|
|
| |
"nuxwdog-java-client".
|
| |
|
|
|
|
|
| |
The templates have been modified to remove hard-coded background
color settings and use the styles defined in a new CSS file.
https://fedorahosted.org/pki/ticket/1296
|
| |
|
|
|
|
|
| |
The CSS files have been moved into the theme package to allow more
control of the UI appearance.
https://fedorahosted.org/pki/ticket/499
|
| |
|
|
|
|
|
| |
The fonts and images have been moved into the theme package to
allow more control of the UI appearance.
https://fedorahosted.org/pki/ticket/499
|
| |
|
|
|
|
|
|
| |
The deployment tool has been modified to deploy all subsystems
directly from the /usr/share/pki. This will simplify updating
the templates in the web applications.
https://fedorahosted.org/pki/ticket/499
|
| | |
|
| |
|
|
|
| |
The code has been modified to fix tomcatjss and python-sphinx
issues.
|
| | |
|
| |
|
|
| |
- PKI TRAC Ticket #1296 - RHCS 9.0 theme
|
| |
|
|
| |
https://fedorahosted.org/pki/ticket/1296
|
| |
|
|
| |
https://fedorahosted.org/pki/ticket/1296
|
| |
|
|
| |
https://fedorahosted.org/pki/ticket/1296
|
| |
|
|
| |
https://fedorahosted.org/pki/ticket/1296
|
| |
|
|
| |
https://fedorahosted.org/pki/ticket/1296
|
| | |
|
| |
|
|
|
| |
This config file can be used in starting up the instance in a
standalone fashion.
|
| |
|
|
| |
Specifically changes to CS.cfg, server.xml and tomcat.conf
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is the first of several commits. This adds a LifecycleListener
to call init() on the nuxwdog client before any connectors or webapps
start up, and call sendEndInit() once initialization completes.
Code is also added to prompt for and test required passwords on startup.
All that is required to use nuxwdog is to start the server using nuxwdog.
An environment variable will be set that will trigger creation of the
NuxwdogPasswordStore. We expect tags for the required passwords to be in
cms.passwordList
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Usage:
* under /usr/share/pki/ca/conf, you will find a new file called
serverCert.profile.exampleWithSANpattern
* copy existing serverCert.profile away and replace with
serverCert.profile.exampleWithSANpattern
* edit serverCert.profile.exampleWithSANpattern
- follow the instruction right above 8.default.
- save and quit
* cd /usr/share/pki/ca/profiles/ca , edit caInternalAuthServerCert.cfg
- follow the instruction right above policyset.serverCertSet.9
- save and quit
* save away and edit the ca config file for pkispawn: (note: you can
add multiple SAN's delimited by ',' for pki_san_server_cert
- add the following lines, e.g.
pki_san_inject=True
pki_san_server_cert=host1.Example.com
- do the same pkispawn cfg changes for kra or any other instances
that you plan on creating
* create your instance(s)
check the sl sever cert, it should contain something like the
following:
Identifier: Subject Alternative Name - 2.5.29.17
Critical: no
Value:
DNSName: host1.Example.com
|
| |
|
|
|
|
|
|
|
|
|
|
| |
New pki-server CLI commands have been added to migrate the server
configuration from Tomcat 7 to Tomcat 8 and vice versa. These
commands can be used later during system upgrade to migrate
existing instances from Tomcat 7 in F22 to Tomcat 8 in F23.
The Python CLI framework has been refactored to provide a way to
find other CLI modules by the command names.
https://fedorahosted.org/pki/ticket/1264
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The Dogtag code has been modified to support both Tomcat 7 and 8.
All files depending on a specific Tomcat version are now stored
in separate folders. The build scripts have been modified to use
the proper folder for the target platform. The tomcatjss
dependency has been updated as well.
The upgrade script will be added in a separate patch.
https://fedorahosted.org/pki/ticket/1264
|
| |
|
|
| |
- PKI TRAC Ticket #1200 - make sure pkispawn works with hsm (passwords)
|
| |
|
|
|
|
|
|
| |
Due to possible Tomcat 7 and 8 conflicts on F22 the spec file has
been modified to explicitly require the proper Tomcat packages for
the platform.
https://fedorahosted.org/pki/ticket/1332
|
| |
|
|
| |
harmful bit of sanity checking, not needed.
|
| |
|
|
| |
TPS Leagcy tests, TPS install tests, MS CA external CA test and other changes to install tests
|
