summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Update compose_functions development script to account for remote tarballsMatthew Harmsen2015-03-051-4/+65
| | | | | | and patches PKI TRAC Ticket #1211 - New release overwrites old source tarball
* Fixed CMake issues on F22.Endi S. Dewata2015-03-055-5/+5
| | | | | | Some CMake scripts have been updated to work on both F21 and F22. https://fedorahosted.org/pki/ticket/1281
* Ticket: TPS Rewrite: Implement Secure Channel Protocol 02 (#883).Jack Magne2015-02-2726-687/+3800
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | First cut of gp211 and scp protocol 02 for tokens. Allow token operations using a GP211 token over secure channel protocol 02. This patch supports the following: 1. Token operations with a GP211 card and SCP02 protocol, implementation 15. 2. Token still supports GP201 cards with SCP01. 3. SCP02 tested with SC650 gp211/scp02 card. Things still to do: 1. Right now the SCP02 support has been tested with the current gp201 applet and enrollment and formatting works just fine. We need to modify and compile the applet against the GP211 spec and retest to see if any further changes are needed. 2. The nistSP800 key derivation stuff is not completed for the SCP02 protocol. Some of the routines are self contained vs similar SCP01 ones. We have another ticket to complete the nistSP800 support from end to end. This work will be done for that ticket. 3. One of the new scp02 deriviation functions can make use of a new NSS derive mechanism. As of now this work is done by simple encryption, this can be done later. 4. The security APDU level of "RMAC" is not supported because the card does not support it. It could have been done to the spec, but it having the card to test is more convenient and there were more crucial issues to this point.
* Fixed systemd errors/warnings after upgrade.Endi S. Dewata2015-02-271-0/+1
| | | | | | | The spec file has been modified to reload systemd daemon after upgrade to avoid errors/warnings when executing systemd commands. https://fedorahosted.org/pki/ticket/1255
* Fix for developer script on Fedora 21.Matthew Harmsen2015-02-261-0/+3
|
* Updated CRMFPopClient parameter handling.Endi S. Dewata2015-02-273-217/+353
| | | | | | | | | | | | The CRMFPopClient has been modified to use Apache Commons CLI library to handle the parameters. The help message has been rewritten to make it more readable. The submitRequest() will now display the error reason. The options in ClientCertRequestCLI have been simplified. A new option was added to generate CRMF request without POP. https://fedorahosted.org/pki/ticket/1074
* Add granularity to token termination in TPSAde Lee2015-02-264-35/+160
| | | | | | BZ 1163987. Added revocation checks to optionally revoke expired certs, and handle cases where certs are shared on multiple tokens.
* Bugzilla 1134405 - CRL publishing fails after Java heap out of memory errorAde Lee2015-02-261-0/+24
| | | | Added fix from hot fix.
* CA and SUBCA scep tests using sscep.Asha Akkiangady2015-02-245-17/+447
|
* Port TKS legacy tests to beakerNiranjan Mallapadi2015-02-246-2/+1222
|
* Update rhcs-shared.sh with more shared functionsNiranjan Mallapadi2015-02-231-0/+128
| | | | | Add functions related to creating directory user and functions related tps
* CA renewal manual, directory authenticated andAsha Akkiangady2015-02-168-25/+8973
| | | | | | sslclient self renewal tests. Subca usergroup tests and new tests added to ca's usergroup.
* Port OCSP legacy tests beaker framewokrNiranjan Mallapadi2015-02-169-59/+1653
| | | | Some minor fixes to CA EE tests
* Refactored OCSPClient.Endi S. Dewata2015-02-164-239/+366
| | | | | | | The OCSPClient CLI has been refactored into an OCSPProcessor utility class such that the functionality can be reused. https://fedorahosted.org/pki/ticket/1202
* ticket#822 creates root CA subject DN when renewing with empty params.name ↵Christina Fu2015-02-121-1/+1
| | | | in orig profile
* Refactored LDAPDatabase.createFilter().Endi S. Dewata2015-02-114-23/+65
| | | | | | | | | | The createFilter() method in LDAPDatabase has been changed to construct an LDAP filter based on a keyword and a set of attributes with their values. This will allow searching the database based on specific attribute values. The subclasses of LDAPDatabase have been updated accordingly. https://fedorahosted.org/pki/ticket/1164
* Ticket#1028 Phase1:TPS rewrite: provide externalReg functionalityChristina Fu2015-02-1013-161/+1586
|
* Fixed additional pylint warnings.Endi S. Dewata2015-02-061-1/+1
| | | | | | | The pki CLI has been modified to remove additional pylint warnings that appear on Fedora 22. https://fedorahosted.org/pki/ticket/703
* Fixed problem cloning Dogtag 10.1.x to 10.2.x.Endi S. Dewata2015-02-061-12/+53
| | | | | | | | The JSON format of security domain info has changed between Dogtag 10.1.x and 10.2.x, so the Python client library has been changed to accommodate both formats. https://fedorahosted.org/pki/ticket/1235
* Fixed pylint report.Endi S. Dewata2015-02-0519-206/+176
| | | | | | | | | | | | | | | Previously pylint report was saved it into a file which may not be accessible on a build system. The pylint-build-scan.sh has been changed to display the report so it will appear in the build log. The pylint configuration has also been modified to disable C and R messages by default. This way when other errors or warnings occur the build will fail without having to check for specific codes. Some Python codes have been modified to reduce the number of pylint warnings. https://fedorahosted.org/pki/ticket/703
* Added missing python-lxml build dependency.Endi S. Dewata2015-02-041-0/+2
| | | | | | | The python-lxml is actually needed to avoid pylint failures during build so it has been added as a build dependency. https://fedorahosted.org/pki/ticket/1252
* Updated Resteasy and Jackson dependenciesEndi S. Dewata2015-02-0310-97/+72
| | | | | | | | | | In Fedora 22 the Resteasy package has been split into several subpackages. The pki-core.spec has been modified to depend on more specific Resteasy packages which depend only on Jackson 1.x. The classpaths and various scripts have been modified to remove unused references to Jackson 2.x. https://fedorahosted.org/pki/ticket/1254
* Add Legacy drm-logs and some subca testsNiranjan Mallapadi2015-02-0310-0/+10480
| | | | | | | Sub CA cert-enrollment, profiles and logs are added DRM logs are added Signed-off-by: Niranjan Mallapadi <mrniranjan@redhat.com>
* Modified test-idsRoshni Pattath2015-02-025-69/+69
|
* Subca legacy testsRoshni Pattath2015-02-0211-122/+2616
| | | | Related changes to Makefile, runtest, rhcs-shared and create role users
* Add legacy drm testsNiranjan Mallapadi2015-01-296-0/+1364
|
* Add legacy CA logs testsNiranjan Mallapadi2015-01-293-0/+207
|
* Add legacy cert-enrollment testsNiranjan Mallapadi2015-01-296-1/+8021
|
* Add CA Profiles legacy testsNiranjan Mallapadi2015-01-294-9/+2366
|
* Refactored CRMFPopClient.Endi S. Dewata2015-01-285-508/+753
| | | | | | | | | | | | | | | | | | The CRMFPopClient has been refactored such that it is easier to understand and reuse. The code has been fixed such that it can read a normal PEM transport certificate. It also has been fixed to parse the request submission result properly. The client-cert-request CLI command was modified to support CRMF requests. The MainCLI and ClientConfig were modified to accept a security token name. The pki_java_command_wrapper.in was modified to include the Apache Commons IO library. https://fedorahosted.org/pki/ticket/1074
* Disabling subsystem on selftest failure.Endi S. Dewata2015-01-281-0/+19
| | | | | | | | | | | The SelfTestSubsystem has been modified such that if the selftest fails it will invoke the pki-server CLI to undeploy and disable the failing subsystem. The Tomcat instance and other subsystems not depending on this subsystem will continue to run. Once the problem is fixed, the admin can enable the subsystem again with the pki-server CLI. https://fedorahosted.org/pki/ticket/745
* Added server management CLI.Endi S. Dewata2015-01-289-2/+855
| | | | | | | | | | | | | A new pki-server CLI has been added to manage the instances and subsystems using the server management library. This CLI manages the system files directly, so it can only be run locally on the server by the system administrator. The autoDeploy setting in server.xml has been enabled by default. An upgrade script has been added to enable the autoDeploy setting in existing instances. https://fedorahosted.org/pki/ticket/1183
* Added server management library.Endi S. Dewata2015-01-283-31/+146
| | | | | | | | | | | | | | | The PKISubsystem and PKIInstance classes used by the upgrade framework have been converted into a server management library. They have been enhanced to provide the following functionalities: * starting and stopping instances * enabling and disabling subsystems * checking instance and subsystem statuses The validate() invocation has been moved out of the constructors into the upgrade framework such that these objects can be created to represent subsystems and instances that do not exist yet. https://fedorahosted.org/pki/ticket/1183
* Moved web application deployment locations.Endi S. Dewata2015-01-2810-54/+230
| | | | | | | | | | | | | Currently web applications are deployed into Host's appBase (i.e. <instance>/webapps). To allow better control of individual subsystem deployments, the web applications have to be moved out of the appBase so that the autoDeploy can work properly later. This patch moves the common web applications to <instance>/ common/webapps and subsystem web applications to <instance>/ <subsystem>/webapps. An upgrade script has been added to update existing deployments. https://fedorahosted.org/pki/ticket/1183
* CA EE OCSP and related java filesRoshni Pattath2015-01-2210-3/+1540
|
* crlissuingpoint dir was spelled wrong in Makefile and runtest.shRoshni Pattath2015-01-212-2/+2
|
* Fixed some typos in Makefile and runtest.shRoshni Pattath2015-01-212-6/+6
|
* Fixed exception chains in ConfigurationUtils.Endi S. Dewata2015-01-211-16/+24
| | | | | | | The ConfigurationUtils has been modified such that if an exception is triggered by another exception the exceptions will be chained. https://fedorahosted.org/pki/ticket/915
* Added support for exception chains in EBaseException.Endi S. Dewata2015-01-215-39/+76
| | | | | | | | | | | The EBaseException has been modified to provide constructors that can be used to chain the cause of the exception. This way the root cause of the exception can be traced back to help troubleshooting. Some codes have been modified to utilize the proper exception chaining as examples. https://fedorahosted.org/pki/ticket/915
* Removed unnecessary EBaseException constructor.Endi S. Dewata2015-01-2117-160/+1
| | | | | | | | | The EBaseException(String msgFormat, String param) constructor has been removed because it's only used once and can be substituted with another constructor. All subclasses of EBaseException have been updated accordingly. https://fedorahosted.org/pki/ticket/915
* CA Admin Porting testsRoshni Pattath2015-01-208-0/+2431
| | | | Internaldb, authplugin, acl, crlissuing point, agent-crl, publishing
* Synced spec files with DOGTAG_10_2_RHEL_BRANCHMatthew Harmsen2015-01-193-4/+16
|
* Updated version number to 10.2.2-0.1Matthew Harmsen2015-01-083-3/+3
|
* Updated version number to 10.2.2-0.1Matthew Harmsen2015-01-084-8/+20
|
* Update release number for release build (10.2.1-1)Matthew Harmsen2015-01-084-4/+16
|
* Fixed bash syntax errorMatthew Harmsen2015-01-081-5/+5
| | | | | - Bugzilla Bug #1147924 - dogtag: syntax errors in /usr/share/pki/scripts/operations
* Enable Authority Key Identifier CRL extension by defaultFraser Tweedale2015-01-071-1/+1
| | | | | | | | | | | RFC 5280 states: Conforming CRL issuers are REQUIRED to include the authority key identifier (Section 5.2.1) and the CRL number (Section 5.2.3) extensions in all CRLs issued. Accordingly, update CS.cfg so that the Authority Key Identifier extension is enabled by default.
* Installer tests for CA, KRA, OCSP and TKS.Asha Akkiangady2015-01-066-1/+823
|
* Minor changes relating to CI modificationsRoshni Pattath2015-01-0517-79/+59
|
* Ticket #864 866 (part 1 symkey, common) NIST SP800-108 KDFChristina Fu2014-12-1912-226/+2343
| | | | | - this patch does not include TPS side of changes: (#865 needs to be rewritten in Java)
generated by cgit (git 2.34.1) at 2025-10-02 02:57:33 +0000