| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
The ESC images have been moved from tps-ui into common-ui. The
pkicreate has been updated to deploy the ESC images from common-ui
into /pki/esc. The paths in templates and CSS file have been
modified to point to the new location.
Ticket #328
|
|
|
|
|
|
|
|
|
|
|
| |
The pkispawn and pkicreate have been updated to deploy the
combined images and CSS files from the common-ui into /pki/images
and /pki/css.
The common Velocity templates and JavaScript files still need to
be deployed from the <subsystem>-ui packages into each subsystem.
Ticket #328
|
|
|
|
|
|
|
| |
The CMakeLists.txt for pkisilent has been fixed to remove references
to subca_silent.template.
Ticket #398
|
|
|
|
|
| |
This fixes an error in a previous commit which breaks creation
and removal of non-CA subsystems
|
|
|
|
| |
Ticket 411
|
|
|
|
| |
Ticket 412
|
| |
|
|
|
|
| |
* TRAC Ticket #398 - Move default location for client certificate databas
|
|
|
|
|
|
| |
* TRAC Ticket #395 - Dogtag 10: Add a Tomcat 7 runtime requirement to
'pki-server'
* TRAC Ticket #398 - Move default location for client certificate database
|
|
|
|
| |
* TRAC Ticket #185 - Dogtag 10: Update PKI Deployment to handle subordinate CA
|
|
|
|
|
|
|
|
|
| |
Previously ACL checking was done in PKIRealm by matching the URL.
This code has been replaced by ACLInterceptor which will intercept
RESTEasy method invocations. This allows more precise mapping of
REST methods to ACL entries in acl.ldif.
Ticket #287
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the theme files are copied into each subsystem during
deployment creating duplicates. To reduce the problem the files
should be combined into a common folder /pki.
The process will be done over several patches. Initially this patch
will copy the images and CSS files into /pki/images and /pki/css.
Subsequent patches will update references to these files to the new
location. When it's done, the files no longer need to be copied
into each subsystem.
Ticket #328
|
|
|
|
|
| |
Sometimes importing the ascii admin cert into th client certdb fails.
The binary always appears to work though.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With this patch, it will be possible to install a default instance
simply by adding the passwords in the pkideployment.cfg. This file
can then be used without additional alteration to add subsystems to the
same instance, by re-running pkispawn against the config file.
The patch makes sure that cert nicknames, database and baseDN , admin users
and client db are unique per subsystem. An option is added to reuse the
existing server cert generated by the first subsystem and copy the
required data to all subsystems.
Ticket 379, 385
|
|
|
|
|
|
|
|
| |
The CertPrettyPrint has been modified to use the standard names
for message digests so that it will work with standard security
provider.
Ticket #392
|
|
|
|
|
|
|
| |
The wrappers for PrettyPrintCert and PrettyPrintCrl has been fixed
to include the class names.
Ticket #381
|
| |
|
|
|
|
|
| |
* TRAC Ticket #286 - Dogtag 10: Create parameter for optionally allowing
a user to skip configuration . . .
|
| |
|
|
|
|
| |
* TRAC Ticket #350 - Dogtag 10: Remove version numbers from PKI jar files . . .
|
|
|
|
|
|
|
|
| |
The web.xml in KRA has been modified to enable the authentication
for key and key request services. Some tools have been added to
access the services via command-line.
Ticket #376
|
|
|
|
|
|
|
|
| |
Some synchronized methods in CertificateRepository may block
modifyCeritifcateRecord() too long, so they have been moved
into CRLIssuingPoint and CertStatusUpdateThread.
Ticket #313
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The tomcat.conf and the template deployment configuration have been
modified to enable the security manager. The operations script has
been modified to generate a new catalina.policy from the standard
Tomcat policy, the standard PKI policy and the custom policy every
time the instance is started.
The current catalina.policy has been changed to store a header for
the dynamically generated catalina.policy. A new pki.policy has been
added to store the default PKI security policy. An empty
custom.policy has been added to store policy customization.
Ticket #223
|
|
|
|
|
|
|
| |
The GetDomainXML servlet has been refactored to use the new
SecurityDomainProcessor.
Ticket #309
|
|
|
|
|
|
|
|
| |
The REST interface for security domain has been updated to provide
a method to get the domain info. A CLI has been provided to access
this method.
Ticket #309
|
|
|
|
|
|
|
| |
The REST account service has been added to TKS and OCSP to enable
authentication.
Ticket #375
|
|
|
|
| |
Ticket 369
|
| |
|
|
|
|
|
|
|
|
| |
The CertificateAuthorityApplication has been modified to deploy
the REST service for security domain only if the server has been
configured with a new security domain.
Ticket #309
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The RetrieveModificationsTask has been modified such that it can
recover from errors while still allowing graceful shutdown.
The task is scheduled to run once. When it's done it will schecule
another one depending on the situation. If the search is abandoned
or the connection is closed it will wait one minute before
reconnecting. If the system is being shutdown it will not
schedule any more task.
Ticket #365
|
|
|
|
|
| |
The security configuration, JAXB mappings, and test script for KRA
have been updated to run properly.
|
|
|
|
|
|
|
|
|
| |
The realm authentication on certificate request REST services has
been enabled. Since now in the CLI the authentication is done using
a separate login operation, it is now possible to POST the approval
data without the problem related to chunked message.
Ticket #300
|
|
|
|
|
|
|
|
|
| |
A REST account service has been added to allow client to login
to establish a session and to logout to destroy the session. This
way multiple operations can be executed using the same session
without having to re-authenticate.
Ticket #357
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Previously in PKIRealm the authentication token was stored in a thread
local variable. This does not work for multiple operations executed
using the same session because each operation may be handled by
different threads. A new PKIPrincipal has been added to store the
authentication token so that the threads can get the correct token
for the session.
Ticket #357
|
|
|
|
|
|
|
|
|
| |
The code in PKIClient has been refactored into PKIConnection
such that a single connection object can be used by several
REST clients. The PKIClient will remain the base class for
all REST clients.
Ticket #357
|
|
|
|
|
|
|
|
| |
1. Reorder http.conf to actually read worker config
2. Change functions so that the TPS would restart. Before restarts
would fail because the tus link already exists
3. Modify system verification test to return correctly when tests
are successful
|
|
|
|
|
|
|
| |
The GetCookie servlet has been refactored to use the new
SecurityDomainProcessor.
Ticket #309
|
|
|
|
|
|
|
|
| |
The REST interface for security domain has been refactored and
configured such that it requires authentication. A CLI has been
added to get an installation token.
Ticket #309
|
|
|
|
|
| |
This is a workaround until we can get the new interface working on IPA
clones.
|
| |
|
| |
|
|
|
|
|
| |
This is so runcon in pkicontrol will continue to work for d9 style
instances.
|
| |
|
|
|
|
|
| |
Added permissions to certmonger to access the certdb. Also added
some missing selinux permissions for pki_tomcat_t
|
| |
|