path: root/base/server
Commit message | Author | Age | Files | Lines
...
* Fixed fail-over in HttpConnection. | Endi S. Dewata | 2015-07-02 | 1 | -97/+117
    The HttpConnection class has been modified to support fail-over and timeout more consistently. The targets are parsed into a list during initialization. All direct calls to HttpClient.connect() are replaced with a method that will connect to the first available target. All connections are now created with a timeout (which by default is 0).
    https://fedorahosted.org/pki/ticket/891
* Limited Interactive Installation Support | Matthew Harmsen | 2015-07-02 | 2 | -33/+56
    - PKI TRAC Ticket #1441 - Lack of Interactive Installation Support (Cloning, Subordinates, Externals, HSMs, ECC)
* Ticket 1438 pkispawn: SSL_ForceHandshake issue for non-CA on HSM on both shared and nonshared tomcat instances | Christina Fu | 2015-07-01 | 1 | -35/+72
* Cleaned up SystemConfigService.configureClone(). | Endi S. Dewata | 2015-07-01 | 1 | -50/+22
    The getCloningData() in SystemConfigService has been renamed to configureClone(). Redundant try-catch blocks have been removed. Some exception messages have been modified to include more info.
* Cleaned up SystemConfigService.validateRequest(). | Endi S. Dewata | 2015-07-01 | 1 | -31/+38
    The configure() in SystemConfigService method has been modified to log only the error message in normal responses but log the full stack trace when unexpected issues occur. The validateData() in SystemConfigService has been renamed to validateRequest() for clarity. The log messages have been modified to include the invalid values entered in the request.
* Fixed Modutil.is_security_module_registered(). | Endi S. Dewata | 2015-06-29 | 1 | -45/+45
    Due to issues with HSM the Modutil.is_security_module_registered() has been modified to get the list of all registered modules and then use it to check if a module is registered.
    https://fedorahosted.org/pki/ticket/1444
* Fixed selftests log message. | Endi S. Dewata | 2015-06-23 | 11 | -771/+396
    The SelfTestSubsystem has been modified to display a 'successful' message only if all tests have passed. If a test fails, it will log a failure, subsequent tests will not be executed, and the subsystem will shutdown immediately. The runSelfTest() in various tests have been cleaned up to throw the original exception to help troubleshooting. The unused RAPresence test has been removed.
    https://fedorahosted.org/pki/ticket/1249
* Fixed ProxyRealm for Tomcat 8. | Endi S. Dewata | 2015-06-19 | 1 | -0/+5
    The Realm interface has changed in recent Tomcat 8 version. The ProxyRealm class that implements it has been updated accordingly.
* Add profiles schema update file | Fraser Tweedale | 2015-06-19 | 1 | -0/+4
    Dogtag does not yet have a reliable way to update its schema, but FreeIPA does need to add the new schema for LDAP-based profiles during upgrade to 4.2. As a temporary solution until Dogtag can manage its own schema updates (including when deployed as FreeIPA CA), FreeIPA will perform the schema upgrade. Provide a schema file that FreeIPA can use to do this.
* Displaying pkispawn/pkidestroy log file names. | Endi S. Dewata | 2015-06-18 | 2 | -0/+4
    To simplify troubleshooting the pkispawn and pkidestroy have been modified to show the name of the log file used in each run.
* Check security module registration | Matthew Harmsen | 2015-06-18 | 2 | -0/+59
    - PKI TRAC Ticket #1426 - pkispawn of KRA on HSM fails (shared instances)
    - PKI TRAC Ticket #1427 - pkispawn of OCSP on HSM fails (shared instances)
    - PKI TRAC Ticket #1429 - pkispawn of TKS on HSM fails (shared instances)
* Fixed thread leaks during shutdown. | Endi S. Dewata | 2015-06-18 | 32 | -82/+125
    Various codes have been modified to properly stop threads during shutdown. A new ID attribute has been added to the LDAP connection factory classes to help identify leaking threads.
    https://fedorahosted.org/pki/ticket/1327
* ticket 867 symkey library path link fix | Christina Fu | 2015-06-18 | 2 | -0/+9
* Fixed pkidaemon to show TPS status. | Endi S. Dewata | 2015-06-18 | 3 | -5/+36
    The operations script and the server.xml templates have been modified to display TPS status in pkidaemon.
    https://fedorahosted.org/pki/ticket/1278
* Fixed typos in Web UI. | Endi S. Dewata | 2015-06-18 | 1 | -1/+1
* Fix for HSM cloning issue | Matthew Harmsen | 2015-06-17 | 2 | -0/+47
* fix pylint issue | Christina Fu | 2015-06-17 | 1 | -2/+2
* add pkiuser to nfast group | Matthew Harmsen | 2015-06-16 | 4 | -0/+96
    - PKI TRAC Ticket #1415 - nCipher HSM: Add 'pkiuser' to 'nfast' group
* Startup log message improvements. | Endi S. Dewata | 2015-06-16 | 2 | -8/+96
    The PKIListener has been modified to verify that all subsystems are running and to show the command to enable the subsystem if it was disabled due to errors.
    https://fedorahosted.org/pki/ticket/1406
* Suppress interactive HSM installation | Matthew Harmsen | 2015-06-16 | 1 | -15/+20
    - PKI TRAC Ticket #1417 - Interactive pkispawn of CA with HSM fails
* Mozilla crypto object warning: | Jack Magne | 2015-06-16 | 1 | -1/+1
    Provide simple textual warning when the user is using a browser that no longer supports the crypto object, which results in reduced CA certificate enrollment functionality. For simplicity provide the warning at the top of the main index page and at the top of the CA's services page. The services page is where the pkispawn of the CA points the users after installation. The ticket originally called for a JS warning but the simple text warning should be less intrusive and repetitive to the user.
    Ticket #1398 Provide UI Javascript warning for missing Mozilla Crypto Object in the CA.
* Warning for the main index to tell the user that the crypto object is not available for use in the browser. | Jack Magne | 2015-06-16 | 1 | -0/+8
* Run pylint on upgrade scripts | Christian Heimes | 2015-06-16 | 23 | -36/+35
    pylint-build-scan.sh doesn't check the upgrader's Python files yet. This patch adds the common and server upgrade scripts to pylint-build-scan.sh. It also fixes a couple of pylint violations, mostly missing calls to __init__().
* Make pki group-member-show case insensitive | Christian Heimes | 2015-06-16 | 1 | -2/+2
    Make the memberID argument of getGroupMember() case insensitive. The groupID argument is already case insensitive. The groupID string is used as CN element in an LDAP query, which is case insensitive by definition.
    https://fedorahosted.org/pki/ticket/1069
* Add new KRA audit events to KRA's CS.cfg | Christian Heimes | 2015-06-16 | 1 | -0/+72
    The patch implements an updater, that adds the new KRA signed audit events (#1160) to KRA's CS.cfg.
    https://fedorahosted.org/pki/ticket/1382
* Update: fix CS.cfg permissions | Fraser Tweedale | 2015-06-16 | 1 | -0/+1
    The 10.2.3/02-FixBindPWPrompt upgrade scriptlet leaves CS.cfg owned by root. chown CS.cfg to the instance owner.
* Upgrade: add scriptlet to fix nuxwdog listener class | Fraser Tweedale | 2015-06-16 | 1 | -0/+36
* Upgrade: check file exists before chowning | Fraser Tweedale | 2015-06-16 | 1 | -1/+2
    Dogtag entered a state where an upgrade script failed before it was trying to chown a file that didn't exist. Add a check that the file exists.
* Invoke PKIInstance.load() during upgrade | Fraser Tweedale | 2015-06-16 | 1 | -0/+3
    Some upgrade servlets use attributes loaded when PKIInstance.load() is invoked, but it may not have been; breakage ensues. Invoke it before executing upgrade scriptlets.
* Ticket 1410 Issue with Generic Extension being critical | Christina Fu | 2015-06-15 | 3 | -2/+32
    - patch ported from https://bugzilla.redhat.com/show_bug.cgi?id=1011984
* Cleaned up links in main page. | Endi S. Dewata | 2015-06-11 | 3 | -127/+16
    The ROOT's index.jsp has been modified to show the links to all subsystems installed on the instance. When opened, it will show the services provided by the subsystem. The pkispawn output has been modified to show the subsystem URL more consistently:
    https://<hostname>:<port>/<subsystem>
    In all subsystems except TPS the page will redirect to:
    https://<hostname>:<port>/<subsystem>/services
* Fixed NPE in ROOT's index.jsp. | Endi S. Dewata | 2015-06-08 | 1 | -17/+27
    The ROOT's index.jsp has been modified to check each subsystem's servlet context for null before accessing the value.
    https://fedorahosted.org/pki/ticket/1407
* Ticket 867 Need to support TPS as a separate tomcat instance. | Christina Fu | 2015-06-01 | 2 | -10/+0
    This patch addressed the issue that TPS on independent Tomcat is missing symlink to symkey.jar and causes all symkey method reference to fail
* Fixed overwritten deployment property. | Endi S. Dewata | 2015-05-29 | 2 | -2/+1
    The pki_pin has been removed from the default.cfg to avoid overwriting the randomly generated default value.
    https://fedorahosted.org/pki/ticket/1393
* BZ1226025 - pkidaemon script checks for wrong symlinks for nuxwdog startup | Ade Lee | 2015-05-29 | 1 | -7/+13
    Fixed startup script to account for nuxwdog
* Ticket 1309 Recovering of a revoked cert erroneously reflects "active" in the token db cert entry | Christina Fu | 2015-05-22 | 1 | -0/+1
* disable backup keys and share master keys when using an HSM | Matthew Harmsen | 2015-05-22 | 3 | -6/+51
    - PKI TRAC Ticket #1371 - pkispawn: need to disable backup_keys when using an HSM (and provide recommendation); allow clones to share keys
* Added deployment parameters to construct pki_clone_uri. | Endi S. Dewata | 2015-05-22 | 3 | -4/+6
    New parameters have been added into the default.cfg to specify the master hostname and port for pki_clone_uri. By default they point to the security domain. The man page has been updated as well.
    https://fedorahosted.org/pki/ticket/1385
* Fixed key archival problem in CLI with separate KRA instance. | Endi S. Dewata | 2015-05-22 | 2 | -54/+96
    The CLI has been modified such that when enrolling a certificate with key archival it will obtain the transport certificate from the CA instead of KRA because the KRA may not reside on the same instance. The CA REST service has been modified such that it will obtain the transport certificate from the KRA connector.
    https://fedorahosted.org/pki/ticket/1384
* Cleaned up log messages in ConfigurationUtils.getPortFromSecurityDomain(). | Endi S. Dewata | 2015-05-22 | 1 | -4/+16
    https://fedorahosted.org/pki/ticket/1372
* Fix XSS attacks on the dogtag administration page #1373. | Jack Magne | 2015-05-15 | 12 | -141/+127
    Porting this set of fixes over from last downstream release upstream. Upon further review, decided to fix a few missing things pointed out by the code review and a few other things:
    1. Too many copies of escapeJavaScriptString all over the place. Consolidated the two related functions "escapeJavaScriptString" and "escapeJavaScriptStringHTML" methods in the CMSTemplate class to be called everywhere. Removed the duplicated methods in other classes.
    2. There were some places where "escapeJavaScriptString" was called, when we really wanted "escapeJavaScriptStringHTML". Fixed that everywhere. One reason for this is a copied version of "escapeJavaScriptString" actually was identical to CMSTemplate.escapeJavaScriptString, which has been removed.
    XSS fixes.
* Ticket 1160 audit needed for getKeyInfo; audit missing for auth/authz at REST. | Christina Fu | 2015-05-14 | 1 | -1/+9
    This patch addresses: (2) audit needed for getKeyInfo, the 2nd part of this ticket where the key services are missing some auditing.
* Fixed pylint warning in pkihelper.py. | Endi S. Dewata | 2015-05-14 | 1 | -1/+1
* Fixed problem redeploying subsystem. | Endi S. Dewata | 2015-05-14 | 1 | -3/+13
    The pki-server subsystem-enable CLI has been modified to deploy the subsystem from a custom location if available, or from the default location otherwise.
    https://fedorahosted.org/pki/ticket/1381
* modify contents of serverCertNick.conf | Matthew Harmsen | 2015-05-13 | 3 | -0/+48
    - PKI TRAC Ticket #1370 - pkispawn: installation with HSM from external CA should hold off prepending token name in serverCertNick.conf till phase 2
* Ticket 1160 audit logging needed: REST API auth/authz; kra for getKeyInfo | Christina Fu | 2015-05-13 | 4 | -39/+281
    - (1) REST API auth/authz - this patch addresses the first part of this ticket where auditing is completely missing for authentication and authorization at the REST interface.
* Refactored upgrade scripts. | Endi S. Dewata | 2015-05-11 | 9 | -186/+35
    The upgrade scripts have been modified to use the uid and gid provided by PKIInstance object.
    https://fedorahosted.org/pki/ticket/1341
* Added options for internal token and replication passwords. | Endi S. Dewata | 2015-05-11 | 4 | -20/+30
    The installation code has been modified such that the admin can optionally specify passwords for internal token and replication. Otherwise the code will generate random passwords like before.
    https://fedorahosted.org/pki/ticket/1354
* Patches to get nuxwdog working with systemd | Ade Lee | 2015-05-10 | 14 | -34/+130
    This patch adds some new unit files and targets for starting instances with nuxwdog, as well as logic within the pki-server nuxwdog module to switch to/from the old and new systemd unit files. It also corrects some issues found in additional testing of the nuxwdog change scripts.
    To use nuxwdog to start the instance, a user needs to do the following:
    1. Create an instance normally.
    2. Run: pki-server instance-nuxwdog-enable <instance_name>
    3. Start the instance using: systemctl start pki-tomcatd-nuxwdog@<instance_name>.service
    To revert the instance, simply do the following:
    1. Run: pki-server instance-nuxwdog-disable <instance_name>
    2. Start the instance using: systemctl start pki-tomcatd@<instance_name>.service
* Fixed installation logs. | Endi S. Dewata | 2015-05-08 | 1 | -6/+13
    To help troubleshooting installation failures the pkihelper.py has been modified to display the error code returned by the server before parsing the error message. If there is a parsing error, the unparsed message will now be displayed. The redundant 'raise' and 'return' statements have been removed.