| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
We need to keep the admin cert and p12 file in case the client directory
is purged.
|
| |
|
|
|
|
| |
As oer review, changed useCommonAdmin to importAdminCert
|
|
|
|
|
|
|
| |
The pki.policy has been modified to grant permission to symkey.jar
which is used by TKS.
Ticket #415
|
|
|
|
|
|
|
|
|
| |
Previously the deployment tools used symbolic links to determine the
scriplets to execute and their order. The code has been changed such
that now the scriplets are listed as parameters (spawn_scriplets and
destroy_scriplets) in the configuration file.
Ticket #403
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously to create a subsystem the admin would have to copy the
entire default deployment configuration, which contains many
parameters, and then customize it. Now the deployment code has been
changed such that the default config file will be used to provide
the default values, so the admin will only need to provide the
non-default parameters, thus reducing the size of the file.
Sample configuration files are provided in /usr/share/pki/
deployment/config.
Ticket #399
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously sensitive parameters are stored in the Sensitive section in
the configuration file, separate from the hierarchical structure used
by non-sensitive parameters. To allow defining multiple subsystems in
a single configuration file the sensitive and non-sensitive parameters
have been reorganized into the same hierarchical structure.
To maintain the security a new meta-parameter has been added to list
all sensitive parameter names. This way the deployment code will know
whether a parameter is sensitive, which then will mask the value before
displaying it to the screen or storing it in a log file.
Ticket #399
|
|
|
|
|
|
|
|
| |
The CertSearchRequest has been modified to fix the infinite loop
in getIssuedOnTo(). The CertFindCLI has been modified to accept
dates with format YYYY-MM-DD instead of epoch time.
Ticket #416
|
|
|
|
|
|
|
|
|
| |
The deployment code has been modified such that if the security
domain user is not specified it will use the CA admin uid, or
Common uid, if it is defined. Otherwise it will use the default
"caadmin".
Ticket #399
|
|
|
|
|
|
|
| |
The code in pkiparser.py has been converted into PKIConfigParser
class to facilitate further improvements.
Ticket #399
|
| |
|
|
|
|
|
|
|
| |
1. Modified cmake dependency
2. Corrected conditionals in spec file
3. Added paths for resteasy-base
4. Added paths to policy for resteasy-base
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
All remaining theme files for Tomcat subsystems which include
the templates and JS files have been moved from the theme folder
at <subsystem>-ui/shared/webapps/<subsystem> into the subsystem
webapp folder at base/<subsystem>/shared/webapps/<subsystem>.
The deployment tools have been updated to use the new location.
Ticket #407
|
|
|
|
|
|
|
| |
The common templates have moved from common-ui into base/common.
The deployment tools have been updated to use the new location.
Ticket #407
|
|
|
|
| |
Ticket 404
|
|
|
|
|
|
|
|
|
| |
The ESC images have been moved from tps-ui into common-ui. The
pkicreate has been updated to deploy the ESC images from common-ui
into /pki/esc. The paths in templates and CSS file have been
modified to point to the new location.
Ticket #328
|
|
|
|
|
|
|
|
|
|
|
| |
The pkispawn and pkicreate have been updated to deploy the
combined images and CSS files from the common-ui into /pki/images
and /pki/css.
The common Velocity templates and JavaScript files still need to
be deployed from the <subsystem>-ui packages into each subsystem.
Ticket #328
|
|
|
|
|
|
|
| |
The CMakeLists.txt for pkisilent has been fixed to remove references
to subca_silent.template.
Ticket #398
|
|
|
|
|
| |
This fixes an error in a previous commit which breaks creation
and removal of non-CA subsystems
|
|
|
|
| |
Ticket 411
|
|
|
|
| |
Ticket 412
|
| |
|
|
|
|
| |
* TRAC Ticket #398 - Move default location for client certificate databas
|
|
|
|
|
|
| |
* TRAC Ticket #395 - Dogtag 10: Add a Tomcat 7 runtime requirement to
'pki-server'
* TRAC Ticket #398 - Move default location for client certificate database
|
|
|
|
| |
* TRAC Ticket #185 - Dogtag 10: Update PKI Deployment to handle subordinate CA
|
|
|
|
|
|
|
|
|
| |
Previously ACL checking was done in PKIRealm by matching the URL.
This code has been replaced by ACLInterceptor which will intercept
RESTEasy method invocations. This allows more precise mapping of
REST methods to ACL entries in acl.ldif.
Ticket #287
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the theme files are copied into each subsystem during
deployment creating duplicates. To reduce the problem the files
should be combined into a common folder /pki.
The process will be done over several patches. Initially this patch
will copy the images and CSS files into /pki/images and /pki/css.
Subsequent patches will update references to these files to the new
location. When it's done, the files no longer need to be copied
into each subsystem.
Ticket #328
|
|
|
|
|
| |
Sometimes importing the ascii admin cert into th client certdb fails.
The binary always appears to work though.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With this patch, it will be possible to install a default instance
simply by adding the passwords in the pkideployment.cfg. This file
can then be used without additional alteration to add subsystems to the
same instance, by re-running pkispawn against the config file.
The patch makes sure that cert nicknames, database and baseDN , admin users
and client db are unique per subsystem. An option is added to reuse the
existing server cert generated by the first subsystem and copy the
required data to all subsystems.
Ticket 379, 385
|
|
|
|
|
|
|
|
| |
The CertPrettyPrint has been modified to use the standard names
for message digests so that it will work with standard security
provider.
Ticket #392
|
|
|
|
|
|
|
| |
The wrappers for PrettyPrintCert and PrettyPrintCrl has been fixed
to include the class names.
Ticket #381
|
| |
|
|
|
|
|
| |
* TRAC Ticket #286 - Dogtag 10: Create parameter for optionally allowing
a user to skip configuration . . .
|
| |
|
|
|
|
| |
* TRAC Ticket #350 - Dogtag 10: Remove version numbers from PKI jar files . . .
|
|
|
|
|
|
|
|
| |
The web.xml in KRA has been modified to enable the authentication
for key and key request services. Some tools have been added to
access the services via command-line.
Ticket #376
|
|
|
|
|
|
|
|
| |
Some synchronized methods in CertificateRepository may block
modifyCeritifcateRecord() too long, so they have been moved
into CRLIssuingPoint and CertStatusUpdateThread.
Ticket #313
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The tomcat.conf and the template deployment configuration have been
modified to enable the security manager. The operations script has
been modified to generate a new catalina.policy from the standard
Tomcat policy, the standard PKI policy and the custom policy every
time the instance is started.
The current catalina.policy has been changed to store a header for
the dynamically generated catalina.policy. A new pki.policy has been
added to store the default PKI security policy. An empty
custom.policy has been added to store policy customization.
Ticket #223
|
|
|
|
|
|
|
| |
The GetDomainXML servlet has been refactored to use the new
SecurityDomainProcessor.
Ticket #309
|
|
|
|
|
|
|
|
| |
The REST interface for security domain has been updated to provide
a method to get the domain info. A CLI has been provided to access
this method.
Ticket #309
|
|
|
|
|
|
|
| |
The REST account service has been added to TKS and OCSP to enable
authentication.
Ticket #375
|
|
|
|
| |
Ticket 369
|
| |
|
|
|
|
|
|
|
|
| |
The CertificateAuthorityApplication has been modified to deploy
the REST service for security domain only if the server has been
configured with a new security domain.
Ticket #309
|