Commit message | Author | Age | Files | Lines
...
* Ticket #2569: Token memory not wiped after key deletion | Jack Magne | 2017-01-11 | 8 | -30/+166
  This is the dogtag upstream side of the TPS portion of this ticket. This fix also involves an applet fix, handled in another bug.
* Fixed misleading error message on duplicate cert in HSM. | Endi S. Dewata | 2017-01-05 | 1 | -3/+3
  The ConfigurationUtils.handleCerts() has been modified to log the actual exception instead of showing the "deleteCert" operation which may not be executed yet. https://fedorahosted.org/pki/ticket/2457
* Replaced default AJP hostname with generic loopback address. | Endi S. Dewata | 2017-01-05 | 2 | -2/+2
  Previously the default AJP hostname was an IPv4 loopback address. To avoid problems in IPv6 environments the default has been changed to a generic "localhost" address. The man page has been updated accordingly. https://fedorahosted.org/pki/ticket/2570
* Ticket #2534 (additional) - reset cert status after successful unrevoke | Christina Fu | 2017-01-04 | 2 | -1/+6
* Refactored deployment system variables. | Endi S. Dewata | 2016-12-22 | 5 | -53/+20
  To improve reusability the deployment system variables have been converted from global variables in pkiconfig.py into attributes in PKIDeployer.
* Refactored deployment timestamp variables. | Endi S. Dewata | 2016-12-22 | 5 | -31/+15
  To improve reusability the deployment timestamp variables have been converted from global variables in pkiconfig.py into attributes in PKIDeployer.
* Refactored PKIConfigParser.flatten_master_dict(). | Endi S. Dewata | 2016-12-22 | 2 | -23/+24
  To improve reusability the flatten_master_dict() has been moved from PKIConfigParser into PKIDeployer.
* Refactored PKIDeployer. | Endi S. Dewata | 2016-12-22 | 5 | -107/+133
  To improve reusability the PKIDeployer class has been moved from the pkihelper.py into the top level pki.server.deployment module.
* Refactored pki_subsystem object in pkiconfig.py. | Endi S. Dewata | 2016-12-21 | 5 | -72/+75
  To improve reusability the pki_subsystem object has been converted from a global variable in pkiconfig.py into an attribute in PKIDeployer.
* Refactored pki_config object in pkiparser.py. | Endi S. Dewata | 2016-12-21 | 2 | -22/+22
  To improve reusability the pki_config object has been moved from PKIConfigParser into PKIDeployer.
* Refactored user_config object in pkiconfig.py. | Endi S. Dewata | 2016-12-21 | 3 | -12/+13
  To improve reusability the user_config object has been converted from a global variable in pkiconfig.py into an attribute in PKIDeployer.
* Refactored master & slots dictionaries creation. | Endi S. Dewata | 2016-12-21 | 4 | -11/+39
  To improve reusability the deployment tools have been modified such that the master and slots dictionary objects are created in PKIDeployer at the beginning of the program. The PKIConfigParser has been modified to use the same dictionary objects.
* Refactored pki_copytree(). | Endi S. Dewata | 2016-12-21 | 2 | -78/+78
  The pki_copytree() has been moved from pkihelper.py into pki/util.py such that it can be reused in non-deployment scenarios.
* Removed redundant find_file() for Tomcat libraries. | Endi S. Dewata | 2016-12-18 | 11 | -208/+44
  The CMake scripts have been modified to remove redundant invocations of find_file() to find Tomcat libraries. https://fedorahosted.org/pki/ticket/2560
* Fixed pki-tools build order. | Endi S. Dewata | 2016-12-18 | 7 | -7/+7
  To help troubleshooting build issues the pki-tools build targets have been modified such that they run sequentially. This way error messages will be easier to find in the build log. https://fedorahosted.org/pki/ticket/2463
* Remove principal type assumption from AuthorityService | Fraser Tweedale | 2016-12-12 | 1 | -6/+6
  Part of: https://fedorahosted.org/pki/ticket/1359
* Define "req_authority_id" IRequest extdata key in IRequest | Fraser Tweedale | 2016-12-12 | 6 | -6/+10
  Part of: https://fedorahosted.org/pki/ticket/1359
* Define "profileId" IRequest extdata key in one place | Fraser Tweedale | 2016-12-12 | 19 | -25/+26
  Part of: https://fedorahosted.org/pki/ticket/1359
* Define "auth_token" IRequest extdata key prefix in one place | Fraser Tweedale | 2016-12-12 | 4 | -8/+18
  Part of: https://fedorahosted.org/pki/ticket/1359
* Add getAuthzManagerNameByRealm to IAuthzSubsystem | Fraser Tweedale | 2016-12-12 | 2 | -7/+18
  The getAuthzManagerByRealm public method is defined in AuthzSubsystem but to support external principals we want to make this part of the IAuthzSubsystem interface, so other classes (e.g. ACLInterceptor) can use it. Part of: https://fedorahosted.org/pki/ticket/1359
* Allow ':' to appear in ACL expressions | Fraser Tweedale | 2016-12-12 | 1 | -1/+3
  Currently if ':' appears in an ACL expression (e.g. a group name, as occurs in FreeIPA permissions), the ACL gets parsed incorrectly. Look backwards from end of string for the final ':', so that the ACL parses correctly. Part of: https://fedorahosted.org/pki/ticket/1359
* Merge duplicate authz plugin code into superclass | Fraser Tweedale | 2016-12-12 | 3 | -264/+78
  DirAclAuthz and BasicAclAuthz both extend AAclAuthz, but there is still a lot of duplicate code. Push the duplicated bits up into the AAclAuthz. Also remove abstract method flushResourceACLs() from AAclAuthz, and its implementation from BasicAclAuthz, because it is only implemented (meaningfully) by DirAclAuthz. Part of: https://fedorahosted.org/pki/ticket/1359
* Move AuthToken key constants to IAuthToken | Fraser Tweedale | 2016-12-12 | 2 | -34/+34
  Part of: https://fedorahosted.org/pki/ticket/1359
* Removed all references to 'xenroll.dll' | Matthew Harmsen | 2016-12-09 | 24 | -583/+164
  - PKI TRAC Ticket #2524 - Remove xenroll.dll from pki-core
* Resolve: pkispawn does not change default ecc key size from nistp256 when nistp384 is specified in spawn config | Jack Magne | 2016-12-09 | 1 | -4/+4
  Ticket #2552. This fix turned out simple. The client was correctly setting the required data, but it was putting the curveName in the "keySize" field of the SystemCertData object sent to the back end. The configuration routine was trying to find the name in the "curveName" field when it's really in the "keySize" field. This issue is restricted to the ECC case. It is fine to simply fix this in the server, since the "keySize" is a string anyway and it makes decent sense.
* Fixed user certificate renewal using pki client-cert-request. | Endi S. Dewata | 2016-12-08 | 1 | -7/+5
  When a user renews its certificate using pki client-cert-request the CLI will authenticate using the certificate and send an empty request message. The server is supposed to use the certificate's serial number to process the renewal request. Currently the request fails if the serial number is missing from the request message. The server has been fixed such that it ignores the missing serial number and uses the certificate's serial number instead. https://fedorahosted.org/pki/ticket/2476
* Replace duplicate string literals with a constant | Fraser Tweedale | 2016-12-07 | 1 | -3/+4
  Just a small drive-by refactor. Part of: https://fedorahosted.org/pki/ticket/1359
* Remove unused string constant | Fraser Tweedale | 2016-12-07 | 1 | -1/+0
  Part of: https://fedorahosted.org/pki/ticket/1359
* LDAPProfileSubsystem: log exception if profile creation fails | Fraser Tweedale | 2016-12-07 | 1 | -0/+1
  Part of: https://fedorahosted.org/pki/ticket/1359
* Updated NSS dependency on Fedora. | Endi S. Dewata | 2016-12-05 | 1 | -4/+32
  The spec file has been updated to require NSS 3.27.0 on Fedora to avoid problems running in Docker container. The NSS dependency in pki-symkey has been updated to require NSS 3.14.3 on non-Fedora platforms since it's already implied by other NSS dependency definitions in the spec file. The NSS dependency in pki-tools has been moved into pki-base since python-nss dependency is also defined in that package. The NSS dependency in pki-tps has been removed since it's already implied by pki-symkey. https://fedorahosted.org/pki/ticket/2226
* Revert "Replaced deprecated DefaultHttpClient." | Endi S. Dewata | 2016-12-02 | 3 | -12/+30
  Commit db58e6071f6bb57de006e6499c0a0c6a8c8e67bf has been reverted due to build issue on RHEL/CentOS. https://fedorahosted.org/pki/ticket/2531
* Revert "Replaced deprecated ProxyParser." | Endi S. Dewata | 2016-12-02 | 7 | -16/+16
  Commit f9ddb2e875355e882b14529979f6c9ae03cf720e has been reverted due to build issue on RHEL/CentOS. https://fedorahosted.org/pki/ticket/2535
* Remove unused member | Fraser Tweedale | 2016-11-29 | 1 | -1/+0
* Fixed problem with pki user-cert-add. | Endi S. Dewata | 2016-11-23 | 1 | -21/+7
  Previously the pki user-cert-add fails to check whether the server has a CA subsystem when it's invoked over SSL. That is because the CLI tries to establish a new but improperly set up SSL connection. Now the CLI has been modified to use the existing server connection. https://fedorahosted.org/pki/ticket/1517
* Refactored PKIConnection.get(). | Endi S. Dewata | 2016-11-23 | 2 | -3/+7
  The PKIConnection has been modified to provide two get() methods: one returning a generic Response object and the other returning an object with the specified type. The ConfigurationUtils has been modified accordingly. https://fedorahosted.org/pki/ticket/1517
* Change lifecycle at end of enrollment if it is not already set. | Jack Magne | 2016-11-22 | 10 | -7/+215
  TPS throws "err=6" when attempting to format and enroll G&D Cards. https://bugzilla.redhat.com/show_bug.cgi?id=1320283 This fix addresses this bug, but also: Fixes this issue: Applet upgrade during rekey operation results in formatted token. Also, it takes care of a related issue where the new apdu needed for the lifecycle state causes the testing tool "tpsclient" to seg fault. The fix here is a minimal fix to have tpsclient return an error when it gets this apdu it can't handle, instead of crashing.
* Updated pki-cert man page. | Endi S. Dewata | 2016-11-22 | 1 | -1/+4
  The pki-cert man page has been updated to clarify that certain profiles may require authentication and the CLI supports certain authentication types. https://fedorahosted.org/pki/ticket/2289
* Fixed TPS UI for agent approval. | Endi S. Dewata | 2016-11-22 | 3 | -97/+124
  The TPS UI has been updated to support TPS agent approval process for changes in authenticators, connectors, and profile mappings in addition to profiles. The ConfigEntryPage has been updated to display the action links consistently in the above components for all possible role and status combinations. The ProfilePage has been removed since the code has been merged into its super class. https://fedorahosted.org/pki/ticket/2523
* Fixed TPS UI system menu. | Endi S. Dewata | 2016-11-22 | 3 | -8/+132
  The TPS UI has been modified to adjust the system menu based on the list of accessible components obtained during login. The TPSApplication has been modified to use TPSAccountService which returns the list of accessible components based on the following properties in the CS.cfg: * admin: target.configure.list * agent: target.agent_approve.list https://fedorahosted.org/pki/ticket/2523
* Updated AccountInfo. | Endi S. Dewata | 2016-11-22 | 3 | -34/+31
  The AccountInfo has been changed to extend the ResourceMessage such that it can be used to pass the list of accessible components as an attribute. https://fedorahosted.org/pki/ticket/2523
* Fix bug in getting secrets from approved request | Ade Lee | 2016-11-22 | 2 | -40/+36
  When request was approved and retrieved through the rest interface, the corresponding volatile requests object was not created due to the new flow. This makes sure the volatile request is created.
* Add python-client code for key resource changes | Ade Lee | 2016-11-22 | 1 | -36/+52
* Ticket #2534 Automatic recovery of encryption cert - CA and TPS tokendb shows different certificate status | Christina Fu | 2016-11-18 | 7 | -185/+158
  This patch fixes the reported issue so now the auto-recovered certificate will reflect the actual status of the certificate. Also, since the externalReg tracks its own recovered certificate status, it is consolidated with the certificate status tracking mechanism added in this patch so that they can be uniformly managed.
* Update PKCS12Util to use SLF4J. | Endi S. Dewata | 2016-11-18 | 7 | -26/+52
  The PKCS12Util class has been modified to use SLF4J logging framework. The CMake scripts have been modified to include SLF4J libraries in the classpath. The spec file has been modified to add SLF4J dependencies. https://fedorahosted.org/pki/ticket/195
* Updated spec file for logging configuration man pages. | Endi S. Dewata | 2016-11-18 | 1 | -1/+3
  The pki-core.spec file has been updated to include the new man pages for logging configuration. https://fedorahosted.org/pki/ticket/1897
* Added man pages for logging configuration. | Endi S. Dewata | 2016-11-18 | 3 | -2/+285
  New man pages have been added for the common and server logging configurations. https://fedorahosted.org/pki/ticket/1897
* Updated log4j.properties. | Endi S. Dewata | 2016-11-18 | 2 | -25/+27
  To reduce maintenance the log4j.properties is no longer copied into the instance folder during deployment. Instead, a link will be created in the /var/lib/pki/<instance>/lib folder pointing to the default file in /usr/share/pki/server/conf. The default log4j.properties has been updated to remove redundant lines. By default only log messages with level WARN or higher will be logged on the console. https://fedorahosted.org/pki/ticket/1897
* Updated logging.properties. | Endi S. Dewata | 2016-11-18 | 3 | -21/+20
  To reduce maintenance the logging.properties is no longer copied into the instance folder during deployment. Instead, a link will be created in /etc/pki/<instance> pointing to the default file in /usr/share/pki/server/conf. The default logging.properties has been updated to only log messages with level WARNING or higher on the console. https://fedorahosted.org/pki/ticket/1897
* Removed unused OCSP, TKS, and TPS logging.properties. | Endi S. Dewata | 2016-11-18 | 3 | -210/+0
  The logging.properties files in OCSP, TKS, and TPS folders are never deployed so they have been removed. https://fedorahosted.org/pki/ticket/1897
* Removed unused CA and KRA logging.properties. | Endi S. Dewata | 2016-11-18 | 2 | -140/+0
  The logging.properties files in CA and KRA folders are never deployed so they have been removed. https://fedorahosted.org/pki/ticket/1897