summaryrefslogtreecommitdiffstats
path: root/base
Commit message (Collapse)AuthorAgeFilesLines
* Change the structure of the client directory.Ade Lee2012-12-033-14/+15
| | | | | We need to keep the admin cert and p12 file in case the client directory is purged.
* Common User: pkispawn changesAde Lee2012-12-033-149/+55
|
* Common admin user: config servlet changesAde Lee2012-12-032-35/+78
| | | | As oer review, changed useCommonAdmin to importAdminCert
* Fixed permission problem in TKS.Endi Sukma Dewata2012-11-301-0/+8
| | | | | | | The pki.policy has been modified to grant permission to symkey.jar which is used by TKS. Ticket #415
* Replaced links of scriptlets with lists.Endi Sukma Dewata2012-11-304-154/+35
| | | | | | | | | Previously the deployment tools used symbolic links to determine the scriplets to execute and their order. The code has been changed such that now the scriplets are listed as parameters (spawn_scriplets and destroy_scriplets) in the configuration file. Ticket #403
* Simplified the configuration file using defaults.Endi Sukma Dewata2012-11-307-18/+26
| | | | | | | | | | | | | | Previously to create a subsystem the admin would have to copy the entire default deployment configuration, which contains many parameters, and then customize it. Now the deployment code has been changed such that the default config file will be used to provide the default values, so the admin will only need to provide the non-default parameters, thus reducing the size of the file. Sample configuration files are provided in /usr/share/pki/ deployment/config. Ticket #399
* Reorganized sensitive parameters.Endi Sukma Dewata2012-11-3012-123/+150
| | | | | | | | | | | | | | | Previously sensitive parameters are stored in the Sensitive section in the configuration file, separate from the hierarchical structure used by non-sensitive parameters. To allow defining multiple subsystems in a single configuration file the sensitive and non-sensitive parameters have been reorganized into the same hierarchical structure. To maintain the security a new meta-parameter has been added to list all sensitive parameter names. This way the deployment code will know whether a parameter is sensitive, which then will mask the value before displaying it to the screen or storing it in a log file. Ticket #399
* Fixed issuedOn parameters for cert-find.Endi Sukma Dewata2012-11-302-9/+30
| | | | | | | | The CertSearchRequest has been modified to fix the infinite loop in getIssuedOnTo(). The CertFindCLI has been modified to accept dates with format YYYY-MM-DD instead of epoch time. Ticket #416
* Fixed default security domain user.Endi Sukma Dewata2012-11-301-18/+39
| | | | | | | | | The deployment code has been modified such that if the security domain user is not specified it will use the CA admin uid, or Common uid, if it is defined. Otherwise it will use the default "caadmin". Ticket #399
* Refactored pkiparser.py into PKIConfigParser.Endi Sukma Dewata2012-11-304-2239/+2244
| | | | | | | The code in pkiparser.py has been converted into PKIConfigParser class to facilitate further improvements. Ticket #399
* Fix for improper crl retrieval from CA.Abhishek Koneru2012-11-211-21/+22
|
* Misc changes to get rhel 7 build to workAde Lee2012-11-217-0/+30
| | | | | | | 1. Modified cmake dependency 2. Corrected conditionals in spec file 3. Added paths for resteasy-base 4. Added paths to policy for resteasy-base
* Link to resteasy-base on rhel systems when running pkispawnalee-91Ade Lee2012-11-214-13/+35
|
* Updating cmake variablesAde Lee2012-11-201-1/+1
|
* Change cmake projects from Java to NONEAde Lee2012-11-2023-23/+23
|
* Reorganized CA, KRA, OCSP, TKS templates.Endi Sukma Dewata2012-11-12294-8/+53535
| | | | | | | | | | | All remaining theme files for Tomcat subsystems which include the templates and JS files have been moved from the theme folder at <subsystem>-ui/shared/webapps/<subsystem> into the subsystem webapp folder at base/<subsystem>/shared/webapps/<subsystem>. The deployment tools have been updated to use the new location. Ticket #407
* Reorganized common templates.Endi Sukma Dewata2012-11-1235-76/+3167
| | | | | | | The common templates have moved from common-ui into base/common. The deployment tools have been updated to use the new location. Ticket #407
* Invalid ACL resources Fix in KRA for certServer.kra.keys resourceAbhishek Koneru2012-11-121-2/+1
| | | | Ticket 404
* Reorganized ESC images.Endi Sukma Dewata2012-11-111-0/+8
| | | | | | | | | The ESC images have been moved from tps-ui into common-ui. The pkicreate has been updated to deploy the ESC images from common-ui into /pki/esc. The paths in templates and CSS file have been modified to point to the new location. Ticket #328
* Updated tools to deploy combined images and CSS files.Endi Sukma Dewata2012-11-113-88/+53
| | | | | | | | | | | The pkispawn and pkicreate have been updated to deploy the combined images and CSS files from the common-ui into /pki/images and /pki/css. The common Velocity templates and JavaScript files still need to be deployed from the <subsystem>-ui packages into each subsystem. Ticket #328
* Fixed pkisilent build problem.Endi Sukma Dewata2012-11-101-1/+0
| | | | | | | The CMakeLists.txt for pkisilent has been fixed to remove references to subca_silent.template. Ticket #398
* Fix issue with pki_external being referenced for non-CAAde Lee2012-11-101-3/+7
| | | | | This fixes an error in a previous commit which breaks creation and removal of non-CA subsystems
* removed dry_run from pkispawnAde Lee2012-11-1012-1108/+724
| | | | Ticket 411
* Remove unused respawn code.Ade Lee2012-11-109-400/+0
| | | | Ticket 412
* Removed 'pki/base/silent/templates/subca_silent.template'.Matthew Harmsen2012-11-091-512/+0
|
* Move default location for client certificate database (pkisilent)Matthew Harmsen2012-11-091-1/+5
| | | | * TRAC Ticket #398 - Move default location for client certificate databas
* Move default location for client certificate databaseMatthew Harmsen2012-11-091-2/+2
| | | | | | * TRAC Ticket #395 - Dogtag 10: Add a Tomcat 7 runtime requirement to 'pki-server' * TRAC Ticket #398 - Move default location for client certificate database
* Enable Subordinate CAMatthew Harmsen2012-11-084-16/+30
| | | | * TRAC Ticket #185 - Dogtag 10: Update PKI Deployment to handle subordinate CA
* Added ACLInterceptor.Endi Sukma Dewata2012-11-0826-269/+299
| | | | | | | | | Previously ACL checking was done in PKIRealm by matching the URL. This code has been replaced by ACLInterceptor which will intercept RESTEasy method invocations. This allows more precise mapping of REST methods to ACL entries in acl.ldif. Ticket #287
* Updated clearpixel.gif paths.Endi Sukma Dewata2012-11-066-18/+18
|
* Updated logo_header.gif paths.Endi Sukma Dewata2012-11-061-1/+1
|
* Updated favicon.ico paths.Endi Sukma Dewata2012-11-061-1/+1
|
* Merged theme files.Endi Sukma Dewata2012-11-062-5/+192
| | | | | | | | | | | | | | Currently the theme files are copied into each subsystem during deployment creating duplicates. To reduce the problem the files should be combined into a common folder /pki. The process will be done over several patches. Initially this patch will copy the images and CSS files into /pki/images and /pki/css. Subsequent patches will update references to these files to the new location. When it's done, the files no longer need to be copied into each subsystem. Ticket #328
* Convert admin cert from ascii to binary before importing into certdbAde Lee2012-11-042-3/+17
| | | | | Sometimes importing the ascii admin cert into th client certdb fails. The binary always appears to work though.
* Set paths for default instanceAde Lee2012-11-046-44/+166
| | | | | | | | | | | | | | With this patch, it will be possible to install a default instance simply by adding the passwords in the pkideployment.cfg. This file can then be used without additional alteration to add subsystems to the same instance, by re-running pkispawn against the config file. The patch makes sure that cert nicknames, database and baseDN , admin users and client db are unique per subsystem. An option is added to reuse the existing server cert generated by the first subsystem and copy the required data to all subsystems. Ticket 379, 385
* Fixed problem finding SHA-256 message digest.Endi Sukma Dewata2012-10-311-1/+1
| | | | | | | | The CertPrettyPrint has been modified to use the standard names for message digests so that it will work with standard security provider. Ticket #392
* Fixed PrettyPrintCert and PrettyPrintCrl.Endi Sukma Dewata2012-10-312-2/+2
| | | | | | | The wrappers for PrettyPrintCert and PrettyPrintCrl has been fixed to include the class names. Ticket #381
* Fix symkey build dependencyAde Lee2012-10-301-1/+1
|
* Allow a PKI instance to be installed/configured independentlyMatthew Harmsen2012-10-3014-3/+123
| | | | | * TRAC Ticket #286 - Dogtag 10: Create parameter for optionally allowing a user to skip configuration . . .
* Fix for ticket 384 - Incorrect profiles path referencedAbhishek Koneru2012-10-291-17/+20
|
* Removal of version numbers from jar file namesMatthew Harmsen2012-10-2913-190/+33
| | | | * TRAC Ticket #350 - Dogtag 10: Remove version numbers from PKI jar files . . .
* Enabled authentication for key services.Endi Sukma Dewata2012-10-2922-101/+938
| | | | | | | | The web.xml in KRA has been modified to enable the authentication for key and key request services. Some tools have been added to access the services via command-line. Ticket #376
* Fixed synchronization problem in CertificateRepository.Endi Sukma Dewata2012-10-293-70/+68
| | | | | | | | Some synchronized methods in CertificateRepository may block modifyCeritifcateRecord() too long, so they have been moved into CRLIssuingPoint and CertStatusUpdateThread. Ticket #313
* Enabled Tomcat security manager.Endi Sukma Dewata2012-10-266-251/+204
| | | | | | | | | | | | | | | The tomcat.conf and the template deployment configuration have been modified to enable the security manager. The operations script has been modified to generate a new catalina.policy from the standard Tomcat policy, the standard PKI policy and the custom policy every time the instance is started. The current catalina.policy has been changed to store a header for the dynamically generated catalina.policy. A new pki.policy has been added to store the default PKI security policy. An empty custom.policy has been added to store policy customization. Ticket #223
* Refactored GetDomainXML servlet.Endi Sukma Dewata2012-10-261-119/+10
| | | | | | | The GetDomainXML servlet has been refactored to use the new SecurityDomainProcessor. Ticket #309
* Added REST interface to get domain info.Endi Sukma Dewata2012-10-2613-174/+843
| | | | | | | | The REST interface for security domain has been updated to provide a method to get the domain info. A CLI has been provided to access this method. Ticket #309
* Enabled account service for TKS and OCSP.Endi Sukma Dewata2012-10-258-1/+90
| | | | | | | The REST account service has been added to TKS and OCSP to enable authentication. Ticket #375
* Restrict AJP to localhost only by defaultAde Lee2012-10-255-5/+5
| | | | Ticket 369
* changes to remove pki-selinux from f18 buildAde Lee2012-10-231-1/+3
|
* Added conditions for security domain REST service.Endi Sukma Dewata2012-10-231-4/+21
| | | | | | | | The CertificateAuthorityApplication has been modified to deploy the REST service for security domain only if the server has been configured with a new security domain. Ticket #309