summaryrefslogtreecommitdiffstats
path: root/base
Commit message (Collapse)AuthorAgeFilesLines
* add selinux context for pkidaemon, remove unneeded pid and lock codeAde Lee2012-10-055-67/+30
| | | | | remove runcon from operations, add rules for spawn/destroy, add mgrepl changes to policy
* move common policy into tps, ra templatesAde Lee2012-10-052-336/+98
|
* Use the tomcat selinux domain for the Java processesAde Lee2012-10-052-321/+97
|
* Added needed link for updated d9 -> d10 instancesAde Lee2012-10-051-1/+3
| | | | Ticket 356
* Using RPM version number in CMake.Endi Sukma Dewata2012-10-0134-57/+45
| | | | | | | | | | | | The RPM spec files have been modified to pass the full RPM version number to CMake. The version number contains the product version number, release number, milestone, and platform. The CMake scritps will parse and use this version number to generate Java manifest files. The product version number will be used as the specification version and full version number will be used as the implementation version. Ticket #339
* Added package checking for pkispawn.Endi Sukma Dewata2012-10-012-0/+7
| | | | | | | The pkispawn has been modified such that it will check whether the package for the subsystem being created has been installed. Ticket #332
* https://fedorahosted.org/pki/ticket/252 - TMS - ECC Key RecoveryChristina Fu2012-09-303-29/+74
|
* TMS key recovery part of - Bug 737122 - DRM: during archiving and ↵Christina Fu2012-09-281-36/+115
| | | | recovering, wrapping unwrapping keys should be done in the token
* Added version number into server status.Endi Sukma Dewata2012-09-281-0/+2
| | | | | | | The GetStatus servlet has been modified to include the server version number. Ticket #339
* Added VERSION file.Endi Sukma Dewata2012-09-2825-0/+180
| | | | | | | | | | | The CMake scripts have been modified to store the version number in /usr/share/pki/VERSION and in JAR manifest files. These files can be read by PKI applications to obtain the version number without having to query the RPM database. Fixed warnings in Java.cmake file. Ticket #339
* fall back to old interface for installtoken if neededAde Lee2012-09-272-4/+87
|
* Renamed escapeDN() into escapeRDNValue().Endi Sukma Dewata2012-09-278-63/+63
| | | | | | | The escapeDN() has been renamed into escapeRDNValue() for better clarity. Ticket #193
* (fixed warning for) task #304 TMS ECC infrastructure (enrollment with ↵Christina Fu2012-09-261-2/+2
| | | | client-side and server-side key generation, and key archival)
* Correctly resolve symlinks in subdirectoriesMatthew Harmsen2012-09-251-3/+4
| | | | | | | | | | | | * TRAC Ticket #338 - Dogtag 10: pkihelper.py directory.set_mode() does not resolve symlinks correctly This patch fixes the problem that although top-level symlinks are correctly identified as symbolic links, symlinks which exist under a subdirectory are incorrectly identified as files, and thus the 'chown' and 'chmod' commands are applied to the symlink which in turn actually get applied to the target file instead.
* Use getStatus servlet to provide startup statusAde Lee2012-09-212-0/+8
| | | | Ticket 314
* Audit Cert RenewalMatthew Harmsen2012-09-201-2/+2
| | | | | * TRAC Ticket #333 - Increase audit cert renewal range to 2 years * Bugzilla Bug #843979 - Increase audit cert renewal range to 2 years
* Changes to use standard dbuserAde Lee2012-09-197-26/+111
| | | | | | | | | | | | | | | | | We create a user that can be used to connect to the database using the subsystem cert for client auth. We identified this user, using the seeAlso attribute and provided certmap rules to this effect. For this user, we used to reuse the uid = user CA-hostname-port, which is already created for inter-system communication. But this is problematic if more than one dbuser exists, as the directory server may bind as the incorrect user. In any replication topology, there must be only one dbuser using the subsystem cert. To simplify things, we create a new user specifically for this purpose (pkidbuser), and we remove the seeAlso attribute from the older dbusers. A script is needed to convert existing dogtag 9 istances to use the new user, and set the relevant acls. This will be done in a separate commit.
* Provide default for operations transition list, related # 858816.Jack Magne2012-09-191-0/+1
|
* Added DN and filter escaping in ConfigurationUtils.Endi Sukma Dewata2012-09-191-19/+19
| | | | | | | The ConfigurationUtils has been modified to escape values used in DN or filter according to LDAP standard. Ticket #193
* Removed duplicate DN escaping methods.Endi Sukma Dewata2012-09-198-130/+14
| | | | | | | | The duplicate methods to escape DN value have been removed. The codes that used the duplicate methods have been modified to use LDAPUtil.escapeDN(). Ticket #193
* Added DN and filter escaping in UGSubsystem.Endi Sukma Dewata2012-09-192-26/+34
| | | | | | | The UGSubsystem has been modified to escape values used in DN or filter according to LDAP standard. Ticket #193
* Fixed conflicting log4j.properties.Endi Sukma Dewata2012-09-193-21/+22
| | | | | | | | | The <instance>/lib link has been replaced with a real folder which contains links to the files in /usr/share/tomcat/lib. This way the log4j.properties can be placed in this folder without causing conflicts with other instances. Ticket: #284
* https://fedorahosted.org/pki/ticket/304Christina Fu2012-09-183-39/+311
| | | | TMS ECC infrastructure (enrollment with client-side and server-side key generation, and key archival)
* https://fedorahosted.org/pki/ticket/304Christina Fu2012-09-1811-244/+579
| | | | TMS ECC infrastructure (enrollment with client-side and server-side key generation, and key archival)
* Fixed problems with optional pki-symkey.Endi Sukma Dewata2012-09-184-8/+18
| | | | | | | | The deployment and init scripts have been fixed to create and check the link to symkey.jar if a TKS instance is added, and remove the link if the instance is removed. Ticket #331
* Deregister subsystem in merged instanceMatthew Harmsen2012-09-132-1/+9
| | | | * TRAC Ticket #311 - Unable to deregister subsystem in merged instance
* Correct incorrect file paths in default file contextsAde Lee2012-09-131-3/+3
|
* Restart existing instances upon package updateMatthew Harmsen2012-09-121-1/+11
| | | | | | | * TRAC Ticket #312 - Dogtag 10: Automatically restart any running instances upon RPM "update" . . . * TRAC Ticket #317 - Dogtag 10: Move "pkispawn"/"pkidestroy" from /usr/bin to /usr/sbin . . .
* Various fixes to installation servlet and pki-deployAde Lee2012-09-126-255/+212
| | | | | | | Added logging so that we can see what is passed in to server from pkispawn. Fixed incorrect dbuser specification. Added required replication config items to pkispawn. Initial refactoring of construct_pki_configuration_data in pkijython.py
* Fixed SELinux error during pkidestroy.Endi Sukma Dewata2012-09-121-28/+68
| | | | | | | | | When removing a subsystem the pkidestroy would also remove the SELinux contexts for the instance regardless of whether there are still other subsystems in the instance. The code has been fixed such that it's removing the SELinux contexts when deleting the last subsystem only. Ticket #89
* Added common ROOT webapp.Endi Sukma Dewata2012-09-1211-37/+289
| | | | | | | | | | | The current ROOT webapp will redirect users coming to the root URL path to the proper path of the subsystem's webapp. Since now a single Tomcat instance may have multiple subsystems, a new ROOT webapp has been added to present the user with a menu of all available webapps from all subsystems in the instance. Ticket #89
* Added common theme webapp.Endi Sukma Dewata2012-09-122-0/+21
| | | | | | | | | A new theme webapp has been added to store the theme files for all PKI webapps. In the future the subsystem webapps can be modified to use the theme files provided by this common webapp instead of having to include duplicate files in each webapp. Ticket #89
* Bugzilla Bug# 852855 - rhcs81 - remove unexpected anonymous binds to ↵Jack Magne2012-09-101-17/+19
| | | | internal db in cert status thread.
* Verify symbolic linksMatthew Harmsen2012-09-071-1/+1
| | | | | * TRAC Ticket #301 - Need to modify init scripts to verify needed symlinks in an instance (support non-default instance names)
* Merged Javadoc packages.Endi Sukma Dewata2012-09-055-91/+43
| | | | | | | The Javadocs for pki-util, pki-java-tools and pki-common have been merged and packaged into pki-javadoc RPM. Ticket #295
* Added proxy realm.Endi Sukma Dewata2012-09-0514-81/+411
| | | | | | | | | | | | | | | | | CMS engine is a singleton and it's used by PKI realm to authenticate users accessing the subsystem. Since a Tomcat instance may contain multiple subsystems, each having separate realm, the PKI JAR links need to be moved into WEB-INF/lib so that they will run inside separate class loaders. Tomcat also requires that the authenticator and realm classes be available in common/lib. To address this a new package pki-tomcat.jar has been added. The package contains the authenticator and a proxy realm. When the subsystems start running, they will register their own realms into the proxy realms such that the authentications will be forwarded to the appropriate subsystems. Ticket #89
* Moved webapp deployment code into pkispawn.Endi Sukma Dewata2012-09-055-27/+60
| | | | | | | | | | | | Previously the WAR files were generated at build time, so it would include theme files that were installed on the build machine. The code has been changed such that instead of generating WAR files pkispawn will copy the webapp files from the theme folders and combine them with subsystem webapp files at deployment time. This way it will use the actual theme files installed on the deployment machine. Ticket #89
* Removed duplicate common classes in pki-console.jar.Endi Sukma Dewata2012-09-042-21/+12
| | | | | | | | The pki-console has been modified to depend on pki-base. This way it's no longer necessary to include duplicate common classes in pki-console. Ticket #113
* Fixed conflicting LDIF files.Endi Sukma Dewata2012-09-041-3/+6
| | | | | | | | | During subsystem configuration the ConfigurationUtils.importLDIFS() would generate LDIF files in <instance>/conf folder which may conflict with files belonging to other subsystems. The code has been modified to generate the files in <instance>/<subsystem>/conf folder. Ticket #89
* Fixed anon connection factory to make no anonymous bindsAde Lee2012-08-312-14/+24
| | | | This allow server to come up with DS where anon binds are turned off.
* Bug 844800 - TPS should provide the ability to not allow tokens marked as ↵Jack Magne2012-08-306-16/+148
| | | | 'Terminated' to be formatted and reused.
* Updated CMake jar() function.Endi Sukma Dewata2012-08-301-11/+5
| | | | | | | | | The jar() function has been modified to support multiple input dirs in a single command. This way it's not necessary to define multiple jar targets for the same jar file. The pki-console build script has been updated to utilize this functionality. Ticket #89
* Moved REST CLI into pki-tools.Endi Sukma Dewata2012-08-2954-210/+212
| | | | | | | | | | The pki-client.jar has been split and merged into pki-certsrv.jar and pki-tools.jar. The REST client classes are now packaged in com.netscape.certsrv.<component> packages. The REST CLI classes are now packaged in com.netscape.cmstools.<component> packages. The "pki" script has been moved into pki-tools RPM package. Ticket #215
* Merged pki-native-tools and pki-java-tools.Endi Sukma Dewata2012-08-292-3/+3
| | | | | | | | | The pki-native-tools and pki-java-tools have been merged into pki-tools and pki-server will depend on it. Since pki-ra and pki-tps depends on pki-server they automatically depends on pki-tools as well. Ticket #295
* Bugzilla Bug #849027 - rhcs81 tks failed start in selftest sharedsessionkey ↵Jack Magne2012-08-291-2/+4
| | | | - symkey PK11_Derive.
* Verify symbolic links and update CS.cfg for Dogtag 10Matthew Harmsen2012-08-293-7/+823
| | | | | | | * TRAC Ticket #301 - Need to modify init scripts to verify needed symlinks in an instance * TRAC Ticket #303 - Dogtag 10: CS.cfg parameters for Dogtag 9 instance running under Dogtag 10 packages . . .
* Fixed exceptions during shutdown.Endi Sukma Dewata2012-08-2815-44/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | The shutdown() methods in several classes have been fixed to allow more graceful shutdown and clean restart. There are two types of object attributes that need to be handled differently. Attributes that are initialized by the constructor should not be nulled during shutdown because they won't be reinitialized during restart. If they require a cleanup (e.g. emptying collections, closing LDAP connections) it's not necessary to check for null before calling the cleanup method because they're never null. For attributes that are initialized during init(), it may not be necessary to do a cleanup or null the attribute since they might still be used by other threads and they will be reinitialized during restart so the old objects will be garbage collected. If they do need a cleanup they should be checked for null because they might still be null due to init() failure or initialization conditionals. If the attributes are initialized conditionally, the logic has been modified to ensure the attributes are either initialized or set to null. Ticket #247
* https://fedorahosted.org/pki/ticket/241Christina Fu2012-08-231-8/+12
| | | | TPS ECC: when TPS server acts as an ECC SSL client to CA, TKS, or DRM, it needs to support ECC ciphers
* Bug 820695 - Tracker - TPS (ECC with nethsm) configuration failed at key ↵Christina Fu2012-08-231-43/+44
| | | | | | | | generation This patch calls with the right flags for each supported HSM to the new certutil that addressed the following bug: Bug 820684 - certutil support for EC on HSMs - need to call PK11_GenerateKeyPairWithOpFlags()
* subsequent OCSPs and DRM connector protectionAndrew Wnuk2012-08-203-50/+60
| | | | | | | | | This patch corrects process of attaching OCSP subsystem to CA. It improves handling of adding subsequent OCSP subsystems to CA. This patch also prevents DRM connector to be overwritten by subsequent DRM installations. Bug 804179.
generated by cgit (git 2.34.1) at 2024-11-11 03:03:32 +0000