| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
subordinate certificate signing requests (CSR)
|
|
|
|
| |
- PKI TRAC Ticket #1077 - Consider removing [Apache] section from 'default.cfg'
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds the ability to create a subsystem that uses
an existing subtree to create the internal basedn. This is useful
for instance, for IPA which will use the original o=ipaca as the
top level DN for a KRA, which will be situated at o=ipadrm, o=ipaca.
The patch also allows such a system to be cloned, but not to setup the
replication agreements, on the assumption that the data is already being
replicated at the top-level DN or some higher level.
The patch also contains some minor cleanups - removing unused imports and
removal of an invalid reference in the python code.
Ticket 1051
|
| |
|
|
|
|
|
|
| |
1. Provides an xml file served by TPS to allow the client(esc) to configure itself to contact TPS.
2. Edewata review fixes. Return application/xml instead of text/xml, and fix how the phone home file path is calculated.
|
|
|
|
|
|
|
|
|
|
| |
In shared tomcat instances, we need to share the subsystem cert and
not create a new one for each additional subsystem added to the instance.
In addition, if the instances share the same database, then only one
pkidbuser should be created with the relevant subsystem cert and seeAlso
attribute.
Ticket 893
|
|
|
|
|
|
|
|
|
|
| |
The Dogtag client library has been modified to use RESTEasy 3.0 client
library. A new upgrade script has been added to update existing servers.
The JAXB annotation in ResourceMessage has been modified to require
explicit property mapping.
Ticket #554
|
|
|
|
|
|
|
|
|
| |
The Jettison library has been replaced with Jackson library as
JSON provider for RESTEasy. All class paths and the deployment
tools have been updated accordingly. The Python library and the
TPS UI have been updated as well to use the new JSON format.
Ticket #817
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The location of web application context file has been changed from
<instance>/webapps/<name>/META-INF/context.xml
into
<instance>/conf/Catalina/localhost/<name>.xml.
This will eventually allow deploying the web application directly
from the shared folder.
A new upgrade script has been added to move the context files in
the existing instances.
Ticket #499
|
|
|
|
|
|
|
| |
Bug in tomcat for security manager has been resolved.
Updated tomcat requirement accordingly.
Ticket 774
|
|
|
|
| |
* TRAC Ticket #762 - Stand-alone DRM (cleanup tasks)
|
|
|
|
| |
* TRAC Ticket #667 - provide option for ca-less drm install
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A new REST service has been added to the TKS to manage shared secrets.
The shared secret is tied to the TKS-TPS connector, and is created at the
end of the TPS configuration. At this point, the TPS contacts the TKS and
requests that the shared secret be generated. The secret is returned to the
TPS, wrapped using the subsystem certificate of the TPS.
The TPS should then decrypt the shared secret and store it in its certificate
database. This operations requires JSS changes, though, and so will be deferred
to a later patch. For now, though, if the TPS and TKS share the same certdb, then
it is sufficient to generate the shared secret.
Clients and CLI are also provided. The CLI in particular is used to remove the
TPSConnector entries and the shared secret when the TPS is pkidestroyed.
|
|
|
|
|
| |
Resteasy 3.0.1 uses apache-commons-io. Also fixed PKIErrorInterceptor
with correct method call and reformatted the interceptors.
|
|
|
|
|
|
|
|
| |
tomcat now uses systemd unit files. We will reuse and customize those
files accordingly. As a result, startup is simplified considerably -
and pkidaemon has been gutted accordingly.
We'll need to add migration scripts for older instances in a subsequent patch.
|
|
|
|
|
| |
This code allows pkispawn to configure a tps in tomcat.
It does not include any config using the web UI panels.
|
|
|
|
|
|
|
|
|
| |
The build and deployment tools have been modified to support creating
a basic Tomcat instance to run TPS. New configuration and template
files for TPS have been copied from another Tomcat subsystem. The TPS
functionality itself will be added in future patches.
Ticket #526
|
|
|
|
|
| |
The CA_PORT variable has been renamed into PKI_CA_PORT for
consistency.
|
|
|
|
|
| |
The CA_HOST variable has been renamed into PKI_CA_HOSTNAME
for consistency.
|
|
|
|
|
| |
The default folder for to store user files in the home directory
has been changed from .pki to .dogtag.
|
|
|
|
|
|
| |
This patch adds support for random certificate serial numbers.
Bug 912554.
|
|
The base/deploy folder has been renamed to base/server to match the
package name. The pki.conf has been moved into pki-base package.
Ticket #553, #564
|