summaryrefslogtreecommitdiffstats
path: root/base
Commit message (Collapse)AuthorAgeFilesLines
* Convert admin cert from ascii to binary before importing into certdbAde Lee2012-11-042-3/+17
| | | | | Sometimes importing the ascii admin cert into th client certdb fails. The binary always appears to work though.
* Set paths for default instanceAde Lee2012-11-046-44/+166
| | | | | | | | | | | | | | With this patch, it will be possible to install a default instance simply by adding the passwords in the pkideployment.cfg. This file can then be used without additional alteration to add subsystems to the same instance, by re-running pkispawn against the config file. The patch makes sure that cert nicknames, database and baseDN , admin users and client db are unique per subsystem. An option is added to reuse the existing server cert generated by the first subsystem and copy the required data to all subsystems. Ticket 379, 385
* Fixed problem finding SHA-256 message digest.Endi Sukma Dewata2012-10-311-1/+1
| | | | | | | | The CertPrettyPrint has been modified to use the standard names for message digests so that it will work with standard security provider. Ticket #392
* Fixed PrettyPrintCert and PrettyPrintCrl.Endi Sukma Dewata2012-10-312-2/+2
| | | | | | | The wrappers for PrettyPrintCert and PrettyPrintCrl has been fixed to include the class names. Ticket #381
* Fix symkey build dependencyAde Lee2012-10-301-1/+1
|
* Allow a PKI instance to be installed/configured independentlyMatthew Harmsen2012-10-3014-3/+123
| | | | | * TRAC Ticket #286 - Dogtag 10: Create parameter for optionally allowing a user to skip configuration . . .
* Fix for ticket 384 - Incorrect profiles path referencedAbhishek Koneru2012-10-291-17/+20
|
* Removal of version numbers from jar file namesMatthew Harmsen2012-10-2913-190/+33
| | | | * TRAC Ticket #350 - Dogtag 10: Remove version numbers from PKI jar files . . .
* Enabled authentication for key services.Endi Sukma Dewata2012-10-2922-101/+938
| | | | | | | | The web.xml in KRA has been modified to enable the authentication for key and key request services. Some tools have been added to access the services via command-line. Ticket #376
* Fixed synchronization problem in CertificateRepository.Endi Sukma Dewata2012-10-293-70/+68
| | | | | | | | Some synchronized methods in CertificateRepository may block modifyCeritifcateRecord() too long, so they have been moved into CRLIssuingPoint and CertStatusUpdateThread. Ticket #313
* Enabled Tomcat security manager.Endi Sukma Dewata2012-10-266-251/+204
| | | | | | | | | | | | | | | The tomcat.conf and the template deployment configuration have been modified to enable the security manager. The operations script has been modified to generate a new catalina.policy from the standard Tomcat policy, the standard PKI policy and the custom policy every time the instance is started. The current catalina.policy has been changed to store a header for the dynamically generated catalina.policy. A new pki.policy has been added to store the default PKI security policy. An empty custom.policy has been added to store policy customization. Ticket #223
* Refactored GetDomainXML servlet.Endi Sukma Dewata2012-10-261-119/+10
| | | | | | | The GetDomainXML servlet has been refactored to use the new SecurityDomainProcessor. Ticket #309
* Added REST interface to get domain info.Endi Sukma Dewata2012-10-2613-174/+843
| | | | | | | | The REST interface for security domain has been updated to provide a method to get the domain info. A CLI has been provided to access this method. Ticket #309
* Enabled account service for TKS and OCSP.Endi Sukma Dewata2012-10-258-1/+90
| | | | | | | The REST account service has been added to TKS and OCSP to enable authentication. Ticket #375
* Restrict AJP to localhost only by defaultAde Lee2012-10-255-5/+5
| | | | Ticket 369
* changes to remove pki-selinux from f18 buildAde Lee2012-10-231-1/+3
|
* Added conditions for security domain REST service.Endi Sukma Dewata2012-10-231-4/+21
| | | | | | | | The CertificateAuthorityApplication has been modified to deploy the REST service for security domain only if the server has been configured with a new security domain. Ticket #309
* Fixed error handling in RetrieveModificationsTask.Endi Sukma Dewata2012-10-231-47/+70
| | | | | | | | | | | | | The RetrieveModificationsTask has been modified such that it can recover from errors while still allowing graceful shutdown. The task is scheduled to run once. When it's done it will schecule another one depending on the situation. If the search is abandoned or the connection is closed it will wait one minute before reconnecting. If the system is being shutdown it will not schedule any more task. Ticket #365
* Fixed KRA test.Endi Sukma Dewata2012-10-227-16/+16
| | | | | The security configuration, JAXB mappings, and test script for KRA have been updated to run properly.
* Enabled realm authentication for certificate requests.Endi Sukma Dewata2012-10-223-1/+3
| | | | | | | | | The realm authentication on certificate request REST services has been enabled. Since now in the CLI the authentication is done using a separate login operation, it is now possible to POST the approval data without the problem related to chunked message. Ticket #300
* Added REST account service.Endi Sukma Dewata2012-10-2212-5/+212
| | | | | | | | | A REST account service has been added to allow client to login to establish a session and to logout to destroy the session. This way multiple operations can be executed using the same session without having to re-authenticate. Ticket #357
* Provide option to install, rather than replicate schema in a cloneAde Lee2012-10-2210-8/+59
|
* Reorder VLV indexing for clones to avoid errorsAde Lee2012-10-225-16/+15
|
* Added PKIPrincipal.Endi Sukma Dewata2012-10-182-26/+60
| | | | | | | | | | | Previously in PKIRealm the authentication token was stored in a thread local variable. This does not work for multiple operations executed using the same session because each operation may be handled by different threads. A new PKIPrincipal has been added to store the authentication token so that the threads can get the correct token for the session. Ticket #357
* Added PKIConnection.Endi Sukma Dewata2012-10-1815-335/+403
| | | | | | | | | The code in PKIClient has been refactored into PKIConnection such that a single connection object can be used by several REST clients. The PKIClient will remain the base class for all REST clients. Ticket #357
* Fixes to get TPS to configure correctlyAde Lee2012-10-184-18/+22
| | | | | | | | 1. Reorder http.conf to actually read worker config 2. Change functions so that the TPS would restart. Before restarts would fail because the tus link already exists 3. Modify system verification test to return correctly when tests are successful
* Refactored GetCookie servlet.Endi Sukma Dewata2012-10-181-89/+43
| | | | | | | The GetCookie servlet has been refactored to use the new SecurityDomainProcessor. Ticket #309
* Enabled authentication for security domain REST interface.Endi Sukma Dewata2012-10-1817-155/+458
| | | | | | | | The REST interface for security domain has been refactored and configured such that it requires authentication. A CLI has been added to get an installation token. Ticket #309
* Reverted to old interface and httpclient to get installation token.Ade Lee2012-10-122-0/+31
| | | | | This is a workaround until we can get the new interface working on IPA clones.
* changes to remind folks not to use pkicreate/pkiremoveAde Lee2012-10-122-178/+8
|
* Return to d9 behavior for RetrieveModificationsTaskAde Lee2012-10-111-3/+3
|
* Added pki_tomcat_script_t type and rules to support upgraded instancesAde Lee2012-10-111-1/+18
| | | | | This is so runcon in pkicontrol will continue to work for d9 style instances.
* New selinux interface needed for certmonger directory accessAde Lee2012-10-102-1/+21
|
* Added pki_tomcat_cert_t type and interface to access itAde Lee2012-10-105-1/+51
| | | | | Added permissions to certmonger to access the certdb. Also added some missing selinux permissions for pki_tomcat_t
* Fix name of CS.cfg backup fileAde Lee2012-10-081-1/+1
|
* Backup CS.cfg before d10 updateAde Lee2012-10-081-0/+3
|
* Merged pki-silent into pki-server.Endi Sukma Dewata2012-10-072-12/+10
| | | | | | The pki-silent package has been merged into pki-server package. Ticket #354
* Renamed "shared" folder to "server".Endi Sukma Dewata2012-10-073-16/+12
| | | | | | | The "shared" folder in /usr/share/pki has been renamed to "server" since it contains only server files. Ticket #353
* Changes to start pki_ra and pki_tps in correct contextAde Lee2012-10-0511-24/+53
| | | | | Added required selinux versions to spec file. Also added additional rule needed for F17
* add selinux context for pkidaemon, remove unneeded pid and lock codeAde Lee2012-10-055-67/+30
| | | | | remove runcon from operations, add rules for spawn/destroy, add mgrepl changes to policy
* move common policy into tps, ra templatesAde Lee2012-10-052-336/+98
|
* Use the tomcat selinux domain for the Java processesAde Lee2012-10-052-321/+97
|
* Added needed link for updated d9 -> d10 instancesAde Lee2012-10-051-1/+3
| | | | Ticket 356
* Using RPM version number in CMake.Endi Sukma Dewata2012-10-0134-57/+45
| | | | | | | | | | | | The RPM spec files have been modified to pass the full RPM version number to CMake. The version number contains the product version number, release number, milestone, and platform. The CMake scritps will parse and use this version number to generate Java manifest files. The product version number will be used as the specification version and full version number will be used as the implementation version. Ticket #339
* Added package checking for pkispawn.Endi Sukma Dewata2012-10-012-0/+7
| | | | | | | The pkispawn has been modified such that it will check whether the package for the subsystem being created has been installed. Ticket #332
* https://fedorahosted.org/pki/ticket/252 - TMS - ECC Key RecoveryChristina Fu2012-09-303-29/+74
|
* TMS key recovery part of - Bug 737122 - DRM: during archiving and ↵Christina Fu2012-09-281-36/+115
| | | | recovering, wrapping unwrapping keys should be done in the token
* Added version number into server status.Endi Sukma Dewata2012-09-281-0/+2
| | | | | | | The GetStatus servlet has been modified to include the server version number. Ticket #339
* Added VERSION file.Endi Sukma Dewata2012-09-2825-0/+180
| | | | | | | | | | | The CMake scripts have been modified to store the version number in /usr/share/pki/VERSION and in JAR manifest files. These files can be read by PKI applications to obtain the version number without having to query the RPM database. Fixed warnings in Java.cmake file. Ticket #339
* fall back to old interface for installtoken if neededAde Lee2012-09-272-4/+87
|