| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
We do a check for the dnsdomainname, which fails in Openstack
CI because this is not set. Instead of exiting, default to
the hostname.
(cherry picked from commit 795465f8620a0a10092435dce46e4cff93dbc20a)
|
|
|
|
|
| |
- PKI TRAC Ticket #1524 - pkispawn: certutil options incorrect for creating
ecc admin certificate
|
|
|
|
|
| |
- PKI TRAC Ticket #1441 - Lack of Interactive Installation Support
(Cloning, Subordinates, Externals, HSMs, ECC)
|
|
|
|
|
|
| |
- PKI TRAC Ticket #1426 - pkispawn of KRA on HSM fails (shared instances)
- PKI TRAC Ticket #1427 - pkispawn of OCSP on HSM fails (shared instances)
- PKI TRAC Ticket #1429 - pkispawn of TKS on HSM fails (shared instances)
|
|
|
|
| |
- PKI TRAC Ticket #1415 - nCipher HSM: Add 'pkiuser' to 'nfast' group
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ROOT's index.jsp has been modified to show the links to all
subsystems installed on the instance. When opened, it will show
the services provided by the subsystem.
The pkispawn output has been modified to show the subsystem URL
more consistently:
https://<hostname>:<port>/<subsystem>
In all subsystems except TPS the page will redirect to:
https://<hostname>:<port>/<subsystem>/services
|
|
|
|
|
| |
- PKI TRAC Ticket #1371 - pkispawn: need to disable backup_keys when using an
HSM (and provide recommendation); allow clones to share keys
|
|
|
|
|
| |
- PKI TRAC Ticket #1370 - pkispawn: installation with HSM from external CA
should hold off prepending token name in serverCertNick.conf till phase 2
|
|
|
|
| |
- PKI TRAC Ticket #1200 - make sure pkispawn works with hsm (passwords)
|
|
|
|
| |
- PKI TRAC Ticket #1346 - pkispawn should have an HSM library option
|
|
|
|
|
| |
- PKI TRAC Ticket #1315 - pki-tomcatd fails to start on system boot
- PKI TRAC Ticket #1340 - pkidestroy should not remove /var/lib/pki
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix now includes last review comments where we decided to consolidate 3 of the
ldif files: schema.ldif,database.ldif, and manager.ldif.
Each one of these 3 files contains the data needed for any subsystem for that file.
The subsystem specific files for these 3 go away in the source tree.
The first iteration of this fix was copying these 3 files into an undesirable directory.
This is no longer the case.
Extra code in the python installer allows one to establish a "file exclusion" callback to
keep a set of desired files from being copied when the installer does a directory copy.
All subsystems have been tested, including TPS with a brand new DS (which was the original reason for this fix),
and they appear to work fine.
Addressed further review comments:
1. Removed trailing whitespace instances from schema.ldif which had some.
2. Used pycharm to remove the few PEP violations I had previously added to the Python code.
3. Changed the format of the schema.ldif file to make all the entries use the same style.
Previously the TPS entries was using an all in one syntax. No more since now each entry is separate.
4. Changed the name of an argument in one of the new Python methods to get rid of a camelCase instance.
5. Tested everything to work as before, including basic TPS operations such as Format.
Fixed a method comment string and fixed some typos.
|
|
|
|
| |
- PKI TRAC Ticket #1077 - Consider removing [Apache] section from 'default.cfg'
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The code to remove the connector from the pki CLI was found to be broken
because of invalid message type (partly due to void returns).
On uninstall, we need to remove the kra-connector from all relevant CA's
in the security domain. The best way to do this is to keep kra-connector
info in LDAP, so that only one call is needed. Until that change has
been made, we are adding a hack to remove the connector from all CA's
in the secutrity domain (if it exists).
Due to issues with proxy configurations, we will continue to use sslget
and a url-encoded-form version of the servlet.
In addition, it was found that when removing a KRA from a shared subsystem,
the updateDomainXML servlet was erroneously returning failure when it
was unsuccessful in removing a non-existent user from a group.
Ticket 1113
|
|
|
|
| |
- PKI TRAC Ticket #1120 - Remove Firefox PKI GUI Configuration Panel Interface
|
|
|
|
| |
- PKI TRAC Ticket #832 - Remove legacy 'systemctl' files . . .
|
|
|
|
|
| |
Improve the layout of strings in pkimessages and fix
a couple more PEP 8 issues.
|
|
|
|
|
| |
Mostly reformatting due to PEP8. Not all pycharm warnings are
addressed, but the vast majority are.
|
|
|
|
| |
* TRAC Ticket #667 - provide option for ca-less drm install
|
|
|
|
|
|
|
|
|
|
|
|
| |
The deployment config files used by pkispawn support interpolation as
supplied by ConfigParser. Interpolation uses the '%' character, which
means values that need to contain a '%' character need to be properly
escaped.
This patch detects errors with unescaped '%' characters and reports
a useful message bac kto the user who is running pkispawn. This
patch also adds notes to the pkispawn and pki_default.cfg man pages
to explain that escaping of '%' characters is required.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A new REST service has been added to the TKS to manage shared secrets.
The shared secret is tied to the TKS-TPS connector, and is created at the
end of the TPS configuration. At this point, the TPS contacts the TKS and
requests that the shared secret be generated. The secret is returned to the
TPS, wrapped using the subsystem certificate of the TPS.
The TPS should then decrypt the shared secret and store it in its certificate
database. This operations requires JSS changes, though, and so will be deferred
to a later patch. For now, though, if the TPS and TKS share the same certdb, then
it is sufficient to generate the shared secret.
Clients and CLI are also provided. The CLI in particular is used to remove the
TPSConnector entries and the shared secret when the TPS is pkidestroyed.
|
|
|
|
|
|
|
| |
A redundant import has been added in one ofthe previous patches.
Fixed another small issue while using the escape character.
Pylint fixes.
|
|
The pkispawn and pkidestroy scripts have been moved into sbin folder.
The Python deployment library and the scriptlets were moved into
pki.server.deployment and pki.server.deployment.scriptlets packages,
respectively.
|