summaryrefslogtreecommitdiffstats
path: root/base
Commit message (Collapse)AuthorAgeFilesLines
* Added PKIConnection.Endi Sukma Dewata2012-10-1815-335/+403
| | | | | | | | | The code in PKIClient has been refactored into PKIConnection such that a single connection object can be used by several REST clients. The PKIClient will remain the base class for all REST clients. Ticket #357
* Fixes to get TPS to configure correctlyAde Lee2012-10-184-18/+22
| | | | | | | | 1. Reorder http.conf to actually read worker config 2. Change functions so that the TPS would restart. Before restarts would fail because the tus link already exists 3. Modify system verification test to return correctly when tests are successful
* Refactored GetCookie servlet.Endi Sukma Dewata2012-10-181-89/+43
| | | | | | | The GetCookie servlet has been refactored to use the new SecurityDomainProcessor. Ticket #309
* Enabled authentication for security domain REST interface.Endi Sukma Dewata2012-10-1817-155/+458
| | | | | | | | The REST interface for security domain has been refactored and configured such that it requires authentication. A CLI has been added to get an installation token. Ticket #309
* Reverted to old interface and httpclient to get installation token.Ade Lee2012-10-122-0/+31
| | | | | This is a workaround until we can get the new interface working on IPA clones.
* changes to remind folks not to use pkicreate/pkiremoveAde Lee2012-10-122-178/+8
|
* Return to d9 behavior for RetrieveModificationsTaskAde Lee2012-10-111-3/+3
|
* Added pki_tomcat_script_t type and rules to support upgraded instancesAde Lee2012-10-111-1/+18
| | | | | This is so runcon in pkicontrol will continue to work for d9 style instances.
* New selinux interface needed for certmonger directory accessAde Lee2012-10-102-1/+21
|
* Added pki_tomcat_cert_t type and interface to access itAde Lee2012-10-105-1/+51
| | | | | Added permissions to certmonger to access the certdb. Also added some missing selinux permissions for pki_tomcat_t
* Fix name of CS.cfg backup fileAde Lee2012-10-081-1/+1
|
* Backup CS.cfg before d10 updateAde Lee2012-10-081-0/+3
|
* Merged pki-silent into pki-server.Endi Sukma Dewata2012-10-072-12/+10
| | | | | | The pki-silent package has been merged into pki-server package. Ticket #354
* Renamed "shared" folder to "server".Endi Sukma Dewata2012-10-073-16/+12
| | | | | | | The "shared" folder in /usr/share/pki has been renamed to "server" since it contains only server files. Ticket #353
* Changes to start pki_ra and pki_tps in correct contextAde Lee2012-10-0511-24/+53
| | | | | Added required selinux versions to spec file. Also added additional rule needed for F17
* add selinux context for pkidaemon, remove unneeded pid and lock codeAde Lee2012-10-055-67/+30
| | | | | remove runcon from operations, add rules for spawn/destroy, add mgrepl changes to policy
* move common policy into tps, ra templatesAde Lee2012-10-052-336/+98
|
* Use the tomcat selinux domain for the Java processesAde Lee2012-10-052-321/+97
|
* Added needed link for updated d9 -> d10 instancesAde Lee2012-10-051-1/+3
| | | | Ticket 356
* Using RPM version number in CMake.Endi Sukma Dewata2012-10-0134-57/+45
| | | | | | | | | | | | The RPM spec files have been modified to pass the full RPM version number to CMake. The version number contains the product version number, release number, milestone, and platform. The CMake scritps will parse and use this version number to generate Java manifest files. The product version number will be used as the specification version and full version number will be used as the implementation version. Ticket #339
* Added package checking for pkispawn.Endi Sukma Dewata2012-10-012-0/+7
| | | | | | | The pkispawn has been modified such that it will check whether the package for the subsystem being created has been installed. Ticket #332
* https://fedorahosted.org/pki/ticket/252 - TMS - ECC Key RecoveryChristina Fu2012-09-303-29/+74
|
* TMS key recovery part of - Bug 737122 - DRM: during archiving and ↵Christina Fu2012-09-281-36/+115
| | | | recovering, wrapping unwrapping keys should be done in the token
* Added version number into server status.Endi Sukma Dewata2012-09-281-0/+2
| | | | | | | The GetStatus servlet has been modified to include the server version number. Ticket #339
* Added VERSION file.Endi Sukma Dewata2012-09-2825-0/+180
| | | | | | | | | | | The CMake scripts have been modified to store the version number in /usr/share/pki/VERSION and in JAR manifest files. These files can be read by PKI applications to obtain the version number without having to query the RPM database. Fixed warnings in Java.cmake file. Ticket #339
* fall back to old interface for installtoken if neededAde Lee2012-09-272-4/+87
|
* Renamed escapeDN() into escapeRDNValue().Endi Sukma Dewata2012-09-278-63/+63
| | | | | | | The escapeDN() has been renamed into escapeRDNValue() for better clarity. Ticket #193
* (fixed warning for) task #304 TMS ECC infrastructure (enrollment with ↵Christina Fu2012-09-261-2/+2
| | | | client-side and server-side key generation, and key archival)
* Correctly resolve symlinks in subdirectoriesMatthew Harmsen2012-09-251-3/+4
| | | | | | | | | | | | * TRAC Ticket #338 - Dogtag 10: pkihelper.py directory.set_mode() does not resolve symlinks correctly This patch fixes the problem that although top-level symlinks are correctly identified as symbolic links, symlinks which exist under a subdirectory are incorrectly identified as files, and thus the 'chown' and 'chmod' commands are applied to the symlink which in turn actually get applied to the target file instead.
* Use getStatus servlet to provide startup statusAde Lee2012-09-212-0/+8
| | | | Ticket 314
* Audit Cert RenewalMatthew Harmsen2012-09-201-2/+2
| | | | | * TRAC Ticket #333 - Increase audit cert renewal range to 2 years * Bugzilla Bug #843979 - Increase audit cert renewal range to 2 years
* Changes to use standard dbuserAde Lee2012-09-197-26/+111
| | | | | | | | | | | | | | | | | We create a user that can be used to connect to the database using the subsystem cert for client auth. We identified this user, using the seeAlso attribute and provided certmap rules to this effect. For this user, we used to reuse the uid = user CA-hostname-port, which is already created for inter-system communication. But this is problematic if more than one dbuser exists, as the directory server may bind as the incorrect user. In any replication topology, there must be only one dbuser using the subsystem cert. To simplify things, we create a new user specifically for this purpose (pkidbuser), and we remove the seeAlso attribute from the older dbusers. A script is needed to convert existing dogtag 9 istances to use the new user, and set the relevant acls. This will be done in a separate commit.
* Provide default for operations transition list, related # 858816.Jack Magne2012-09-191-0/+1
|
* Added DN and filter escaping in ConfigurationUtils.Endi Sukma Dewata2012-09-191-19/+19
| | | | | | | The ConfigurationUtils has been modified to escape values used in DN or filter according to LDAP standard. Ticket #193
* Removed duplicate DN escaping methods.Endi Sukma Dewata2012-09-198-130/+14
| | | | | | | | The duplicate methods to escape DN value have been removed. The codes that used the duplicate methods have been modified to use LDAPUtil.escapeDN(). Ticket #193
* Added DN and filter escaping in UGSubsystem.Endi Sukma Dewata2012-09-192-26/+34
| | | | | | | The UGSubsystem has been modified to escape values used in DN or filter according to LDAP standard. Ticket #193
* Fixed conflicting log4j.properties.Endi Sukma Dewata2012-09-193-21/+22
| | | | | | | | | The <instance>/lib link has been replaced with a real folder which contains links to the files in /usr/share/tomcat/lib. This way the log4j.properties can be placed in this folder without causing conflicts with other instances. Ticket: #284
* https://fedorahosted.org/pki/ticket/304Christina Fu2012-09-183-39/+311
| | | | TMS ECC infrastructure (enrollment with client-side and server-side key generation, and key archival)
* https://fedorahosted.org/pki/ticket/304Christina Fu2012-09-1811-244/+579
| | | | TMS ECC infrastructure (enrollment with client-side and server-side key generation, and key archival)
* Fixed problems with optional pki-symkey.Endi Sukma Dewata2012-09-184-8/+18
| | | | | | | | The deployment and init scripts have been fixed to create and check the link to symkey.jar if a TKS instance is added, and remove the link if the instance is removed. Ticket #331
* Deregister subsystem in merged instanceMatthew Harmsen2012-09-132-1/+9
| | | | * TRAC Ticket #311 - Unable to deregister subsystem in merged instance
* Correct incorrect file paths in default file contextsAde Lee2012-09-131-3/+3
|
* Restart existing instances upon package updateMatthew Harmsen2012-09-121-1/+11
| | | | | | | * TRAC Ticket #312 - Dogtag 10: Automatically restart any running instances upon RPM "update" . . . * TRAC Ticket #317 - Dogtag 10: Move "pkispawn"/"pkidestroy" from /usr/bin to /usr/sbin . . .
* Various fixes to installation servlet and pki-deployAde Lee2012-09-126-255/+212
| | | | | | | Added logging so that we can see what is passed in to server from pkispawn. Fixed incorrect dbuser specification. Added required replication config items to pkispawn. Initial refactoring of construct_pki_configuration_data in pkijython.py
* Fixed SELinux error during pkidestroy.Endi Sukma Dewata2012-09-121-28/+68
| | | | | | | | | When removing a subsystem the pkidestroy would also remove the SELinux contexts for the instance regardless of whether there are still other subsystems in the instance. The code has been fixed such that it's removing the SELinux contexts when deleting the last subsystem only. Ticket #89
* Added common ROOT webapp.Endi Sukma Dewata2012-09-1211-37/+289
| | | | | | | | | | | The current ROOT webapp will redirect users coming to the root URL path to the proper path of the subsystem's webapp. Since now a single Tomcat instance may have multiple subsystems, a new ROOT webapp has been added to present the user with a menu of all available webapps from all subsystems in the instance. Ticket #89
* Added common theme webapp.Endi Sukma Dewata2012-09-122-0/+21
| | | | | | | | | A new theme webapp has been added to store the theme files for all PKI webapps. In the future the subsystem webapps can be modified to use the theme files provided by this common webapp instead of having to include duplicate files in each webapp. Ticket #89
* Bugzilla Bug# 852855 - rhcs81 - remove unexpected anonymous binds to ↵Jack Magne2012-09-101-17/+19
| | | | internal db in cert status thread.
* Verify symbolic linksMatthew Harmsen2012-09-071-1/+1
| | | | | * TRAC Ticket #301 - Need to modify init scripts to verify needed symlinks in an instance (support non-default instance names)
* Merged Javadoc packages.Endi Sukma Dewata2012-09-055-91/+43
| | | | | | | The Javadocs for pki-util, pki-java-tools and pki-common have been merged and packaged into pki-javadoc RPM. Ticket #295
generated by cgit (git 2.34.1) at 2024-11-12 17:15:00 +0000