pki.git - Unnamed repository; edit this file 'description' to name the repository.

	Commit message (Collapse)	Author	Age	Files	Lines
*	Removed unused variables in deployment scriptlets.	Endi S. Dewata	2016-04-28	1	-4/+1
\| \| \| \| \| \| \| \|	The unused rv instance variables in all deployment scriptlets have been removed. The spawn() and destroy() are now returning None instead of error code. If an error happens during execution the scriptlet will throw an exception which will be caught by pkispawn or pkidestroy and then displayed to the user.
*	Moved self-signed SSL server certificate creation.	Endi S. Dewata	2016-04-15	1	-41/+0
\| \| \| \| \| \| \| \| \|	To avoid possible conflicts imported external certificates, the self-signed SSL server certificate creation has been moved after the external certificates have been imported into the NSS database and before the server is started. https://fedorahosted.org/pki/ticket/1736
*	Added support for cloning 3rd-party CA certificates.	Endi S. Dewata	2016-03-18	1	-0/+19
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	The installation code has been modified such that it imports all CA certificates from the PKCS #12 file for cloning before the server is started using certutil. The user certificates will continue to be imported using the existing JSS code after the server is started. This is necessary since JSS is unable to preserve the CA certificate nicknames. The PKCS12Util has been modified to support multiple certificates with the same nicknames. The pki pkcs12-cert-find has been modified to show certificate ID and another field indicating whether the certificate has a key. The pki pkcs12-cert-export has been modified to accept either certificate nickname or ID. The pki pkcs12-import has been modified to provide options for importing only user certificates or CA certificates. https://fedorahosted.org/pki/ticket/1742
*	Additional clean-ups for PKCS #12 utilities.	Endi S. Dewata	2016-03-18	1	-11/+8
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	The pki_server_external_cert_path has been renamed to pki_server_external_certs_path to match the file name. A default pki_server_external_certs_path has been added to default.cfg. The pki pkcs12-export has been modified to export into existing PKCS #12 file by default. The pki-server instance-cert-export has been modified to accept a list of nicknames to export. https://fedorahosted.org/pki/ticket/1742
*	Handle import and export of external certs	Ade Lee	2016-03-01	1	-1/+24
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Ticket 1742 has a case where a third party CA certificate has been added by IPA to the dogtag certdb for the proxy cert. There is no way to ensure that this certificate is imported when the system is cloned. This patch will allow the user to import third party certificates into a dogtag instance through CLI commands (pki-server). The certs are tracked by a new instance level configuration file external_certs.conf. Then, when cloning: 1. When the pk12 file is created by the pki-server ca-clone-prepare command, the external certs are automatically included. 2. When creating the clone, the new pki_server_pk12_path and password must be provided. Also, a copy of the external_certs.conf file must be provided. 3. This copy will be read and merged with the existing external_certs.conf if one exists.
*	Added mechanism to import system certs via PKCS #12 file.	Endi S. Dewata	2016-02-26	1	-0/+25
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	The installation tool has been modified to provide an optional pki_server_pkcs12_path property to specify a PKCS #12 file containing certificate chain, system certificates, and third-party certificates needed by the subsystem being installed. If the pki_server_pkcs12_path is specified the installation tool will no longer download the certificate chain from the security domain directly, and it will no longer import the PKCS #12 containing the entire master NSS database specified in pki_clone_pkcs12_path. For backward compatibility, if the pki_server_pkcs12_path is not specified the installation tool will use the old mechanism to import the system certificates. The ConfigurationUtils.verifySystemCertificates() has been modified not to catch the exception to help troubleshooting. https://fedorahosted.org/pki/ticket/1742
*	Remove #!python shebang from non-executables	Christian Heimes	2016-01-19	1	-1/+0
\| \| \| \| \| \| \| \| \|	A lot of Python files start with a #!/usr/bin/python shebang although the files are neither executables nor designed as scripts. Shebangs are only required for executable scripts. Without unnecessary shebangs it's a bit easier to track Python 3 porting.
*	Py3 modernization: libmodernize.fixes.fix_import	Christian Heimes	2015-08-17	1	-0/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Enforce absolute imports or explicit relative imports. Python 3 no longer supports implicit relative imports, that is unqualified imports from a module's directory. In order to load a module from the same directory inside a package, use from . import module The future feature 'from __future__ import absolute_import' ensures that pki uses absolute imports on Python 2, too. See https://www.python.org/dev/peps/pep-0328/
*	Make pki PEP 8 compatible	Christian Heimes	2015-08-14	1	-1/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Large portions of the patch was automatically created with autopep8: find base/ -name '*.py' \| xargs autopep8 --in-place --ignore E309 \ --aggressive find base/common/upgrade base/server/upgrade -type f -and \ -not -name .gitignore \| autopep8 --in-place --ignore E309 --aggressive autopep8 --in-place --ignore E309 --aggressive \ base/common/sbin/pki-upgrade \ base/server/sbin/pkispawn \ base/server/sbin/pkidestroy \ base/server/sbin/pki-server \ base/server/sbin/pki-server-upgrade About two dozent violations were fixed manually. https://fedorahosted.org/pki/ticket/708
*	Remove noise file generation code	Ade Lee	2015-07-28	1	-3/+9
\| \| \| \| \| \| \| \|	Noise file does not actually need to have random data because NSS does not actually use this data. Certutil still needs the file though, so we will put dummy data in there. This solves potential problems with the random() method used and also issues like BZ 1244382
*	Code cleanup - simplify pkispawn code	Ade Lee	2015-04-29	1	-2/+1
\| \| \| \| \|	All subsystems are now tomcat instances. Conditionals based on whether the subsystem is a tomcat instance or not are no longer required.
*	Add HSM passwords to pkispawn	Matthew Harmsen	2015-04-21	1	-4/+20
\| \| \| \|	- PKI TRAC Ticket #1200 - make sure pkispawn works with hsm (passwords)
*	Add HSM options to pkispawn	Matthew Harmsen	2015-04-14	1	-0/+5
\| \| \| \|	- PKI TRAC Ticket #1346 - pkispawn should have an HSM library option
*	Allow use of secure LDAPS connection	Matthew Harmsen	2015-03-13	1	-2/+24
\| \| \| \|	- PKI TRAC Ticket #1144 - pkispawn needs option to specify ca cert for ldap
*	Remove Apache info from pkispawn and pkidestroy	Matthew Harmsen	2014-09-02	1	-7/+1
\| \| \| \|	- PKI TRAC Ticket #1077 - Consider removing [Apache] section from 'default.cfg'
*	Reformat scriptlets to be in line with PEP8	Ade Lee	2014-06-10	1	-18/+22
\| \| \| \|	Mostly handle pycharm warnings about code formatting.
*	Modify master_dict to mdict to improve readability	Ade Lee	2014-06-10	1	-48/+48
\| \| \| \| \| \|	Most of the install python scripts do not meet PEP8 including being less than 80 chars. Changing master_dict to mdict helps fix this and improves or at least does not degrade readability.
*	Reorganized deployment tools.	Endi S. Dewata	2013-07-22	1	-0/+114
	The pkispawn and pkidestroy scripts have been moved into sbin folder. The Python deployment library and the scriptlets were moved into pki.server.deployment and pki.server.deployment.scriptlets packages, respectively.