summaryrefslogtreecommitdiffstats
path: root/base
Commit message (Collapse)AuthorAgeFilesLines
...
* Fix to sort the output of a cert search by serialno.Jack Magne2016-08-056-18/+197
|
* Added check for Subsystem data and request in 'pki-server subsystem-cert-export'Abhijeet Kasurde2016-08-051-3/+12
| | | | | | Partially fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1353245 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Fixed NumberFormatException in tps-cert-findGeetika Kapoor2016-08-051-4/+16
| | | | Signed-off-by: Geetika Kapoor <gkapoor@redhat.com>
* Ticket#2428 broken request links for CA's system certs in agent request viewingChristina Fu2016-08-041-1/+1
| | | | This patch fixes the issue that when an agent visit one of the CA's system cert request records, exception is thrown.
* Add pkispawn option to disable Master CRLAde Lee2016-08-044-1/+7
|
* Fixed problem creating links to PKI JAR files.Endi S. Dewata2016-08-032-6/+6
| | | | | | | | | | The CMake create_symlink command fails if the link target does not exist already. Since PKI JAR files may not exist at build time, the commands to create the links to those files have been replaced with the ln -sf command which will create the links regardless of the targets' existence. https://fedorahosted.org/pki/ticket/2403
* Fix deployment issueAde Lee2016-08-021-2/+5
| | | | | | | Need to put pki_server_side_keygen in a conditional to avoid breaking other subsystem deployments. Ticket 2418
* pki-tools man pagesMatthew Harmsen2016-08-015-0/+916
| | | | | | | | | * PKI TRAC Ticket #690 - [MAN] pki-tools man pages - AtoB, - BtoA, - KRATool, - PrettyPrintCert, and - PrettyPrintCrl
* Added log message in PKIClient.Endi S. Dewata2016-07-301-1/+10
| | | | | | | To help troubleshooting the PKIClient class has been modified to log the certificate chain retrieved from the CA. https://fedorahosted.org/pki/ticket/2399
* Fix client-cert-import to set provided trust bitsAde Lee2016-07-291-4/+12
| | | | Ticket 2412
* Do slot substitution for SERVER_KEYGENAde Lee2016-07-292-0/+3
| | | | Ticket 2418
* Re-license the python client files to LGPLv3Ade Lee2016-07-2920-110/+314
|
* Fixed SELinux contexts.Endi S. Dewata2016-07-283-2/+43
| | | | | | | | | | The deployment tool has been modified to set up SELinux contexts after all instance files have been created to ensure they have the correct contexts. An upgrade script has been added to fix existing instances. https://fedorahosted.org/pki/ticket/2421
* Added upgrade scripts to fix server library.Endi S. Dewata2016-07-284-0/+58
| | | | | | | | An upgrade script has been added to replace the <instance>/common in existing instances with a link to /usr/share/pki/server/common which contains links to server dependencies. https://fedorahosted.org/pki/ticket/2403
* Make starting CRL Number configurable.Jack Magne2016-07-275-20/+69
| | | | | | | | | | | | | | | | | | | | | | | | | Ticket #2406 Make starting CRL Number configurable This simple patch provides a pkispawn config param that passes some starting crl number value to the config process. Here is a sample: [CA] pki_ca_starting_crl_number=4000 After the CA comes up the value of "crlNumber" in the db will reflect that value of 4000. Currently no other values are changed. We can talk about if we need more values reset in the given case. Also, this creates a setting in the CS.cfg ca.crl.MasterCrl.startingCrlNumber=4000 This setting is only consulted when the crl Issuing Point record is created for the first time.
* Removed hard-coded paths in deployment tool.Endi S. Dewata2016-07-264-297/+54
| | | | | | | | | The deployment tool has been modified to link <instance>/common to /usr/share/pki/server/common instead of creating separate links for each dependency. This allows the RPM spec to customize the links for different platforms. https://fedorahosted.org/pki/ticket/2403
* Removed hard-coded paths in pki CLI.Endi S. Dewata2016-07-263-39/+52
| | | | | | | | | | The pki CLI has been modified to use java.ext.dirs property to load the dependencies instead of listing them individually. The dependencies are stored as links in /usr/share/pki/lib folder. This allows the RPM spec to customize the links for different platforms. https://fedorahosted.org/pki/ticket/2403
* Removed hard-coded paths in pki.policy.Endi S. Dewata2016-07-262-131/+17
| | | | | | | | | The operations script has been modified to generate pki.policy dynamically from links in the <instance>/common/lib directory. This allows the pki.policy to match the actual paths in different platforms. https://fedorahosted.org/pki/ticket/2403
* Added CMake target dependencies.Endi S. Dewata2016-07-267-1/+8
| | | | | | | | | | To help troubleshooting build issues, some CMake dependencies have been added to some targets even though the actual codes do not require those dependencies. This will ensure the targets are built sequentially so build failures can be found more easily at the end of the build log. https://fedorahosted.org/pki/ticket/2403
* Allow PrettyPrintCert to process HEADERs and TRAILERs.Matthew Harmsen2016-07-221-2/+2
| | | | | * PKI TRAC Ticket #2399 - Dogtag 10.3.5: Miscellaneous Enhancements Checked-in under one-liner/trivial rule.
* Stop using a java8 only constant. Will allow compilation with java7.Jack Magne2016-07-221-1/+3
| | | | Trivial fix.
* Fixed param substitution problem.Endi S. Dewata2016-07-221-2/+2
| | | | | | | The string splice operation in substitute_deployment_params() has been fixed to include the rest of the string. https://fedorahosted.org/pki/ticket/2399
* Fixed error handling in SystemConfigService.Endi S. Dewata2016-07-201-6/+6
| | | | | | | | To help troubleshooting the SystemConfigService has been modified to chain the original exception and to log stack trace into the debug log. https://fedorahosted.org/pki/ticket/2399
* Fixed pkispawn installation summary.Endi S. Dewata2016-07-201-4/+3
| | | | | | | | | The pkispawn installation summary has been modified not to show the admin certificate nickname and NSS database if pki_client_database_purge or pki_clone is set to true since the NSS database will not be created in those cases. https://fedorahosted.org/pki/ticket/2399
* Removed redundant question in interactive pkispawn.Endi S. Dewata2016-07-201-4/+4
| | | | | | | | The pkispawn has been modified such that if the admin selects to import the admin certificate the admin will not be asked where to export the certificate. https://fedorahosted.org/pki/ticket/2399
* Ticket #2246 [MAN] Man Page: AuditVerifyChristina Fu2016-07-151-0/+110
| | | | This patch contains the man page for AuditVerify.
* Fixed cert usage list in pki client-cert-validate.Endi S. Dewata2016-07-152-1/+8
| | | | | | | | The pki client-cert-validate has been modified to add the missing EmailRecipient and to list the supported cert usages. https://fedorahosted.org/pki/ticket/2376 https://fedorahosted.org/pki/ticket/2399
* [MAN] Apply 'generateCRMFRequest() removed from Firefox' workarounds to ↵Jack Magne2016-07-144-2/+178
| | | | | | | | | | | | appropriate 'pki' man page This fix will involve the following changes to the source tree. 1. Fixes to the CS.cfg to add two new cert profiles. 2. Make the caDualCert.cfg profile invisible since it has little chance of working any more in Firefox. 3. Create caSigningUserCert.cfg and caSigningECUserCert.cfg to allow the CLI to have convenient profiles from which to enroll signing ONLY certificates.
* Fixed certificate validation error message.Endi S. Dewata2016-07-141-1/+1
| | | | | | | The pkihelper.py has been modified to display the correct external command name on system certificate validation error. https://fedorahosted.org/pki/ticket/2399
* Added fix for pki-server for db-updateGeetika Kapoor2016-07-141-2/+2
| | | | | | | fixes: https://fedorahosted.org/pki/ticket/1667 Signed-off-by: Geetika Kapoor <gkapoor@redhat.com> Reviewed-by: Fraser Tweedale <ftweedal@redhat.com>
* Ticket #2389 fix for regular CA installationChristina Fu2016-07-111-6/+11
| | | | This patch addresses the issue that with the previous patch, the regular (non-external and non-existing) CA installation fails.
* Ticket #978 PPS connector man page: add revocation routing infoChristina Fu2016-07-081-1/+22
|
* Fixed pki pkcs12-import output.Endi S. Dewata2016-07-071-1/+4
| | | | | | | | The pki pkcs12-import has been modified to suppress the output of external command execution and display a completion message more consistently. https://fedorahosted.org/pki/ticket/2399
* Fixed problem with pki pkcs12-import --no-trust-flags.Endi S. Dewata2016-07-071-3/+0
| | | | | | | | The pki pkcs12-import CLI has been fixed such that when it calls pki pkcs12-cert-find internally it does not add --no-trust-flags option. https://fedorahosted.org/pki/ticket/2399
* Added general exception handling for pki-server CLI.Endi S. Dewata2016-07-061-0/+6
| | | | | | | | The pki-server CLI has been modified to catch all exceptions and display a simple exception message. In verbose mode it will display the stack trace. https://fedorahosted.org/pki/ticket/2381
* Added validation for pki client-cert-request sensitive parameter.Endi S. Dewata2016-07-061-0/+3
| | | | | | | The pki client-cert-request CLI has been modified to validate the boolean sensitive parameter. https://fedorahosted.org/pki/ticket/2383
* Added validation for pki client-cert-request extractable parameter.Endi S. Dewata2016-07-061-0/+3
| | | | | | | The pki client-cert-request CLI has been modified to validate the boolean extractable parameter. https://fedorahosted.org/pki/ticket/2383
* Fixed CLI error message on connection problemsEndi S. Dewata2016-07-061-1/+12
| | | | | | | The CLI has been modified to display the actual error message instead of generic ProcessingException. https://fedorahosted.org/pki/ticket/2377
* Fixed exception chain in SigningUnit.init().Endi S. Dewata2016-07-063-19/+32
| | | | | | | The SigningUnit.init() has been modified to chain the exceptions to help troubleshooting. https://fedorahosted.org/pki/ticket/2399
* Added instance and subsystem validation for pki-server subsystem-* commands.Abhijeet Kasurde2016-07-061-13/+53
| | | | | | | The pki-server subsystem-* commands have been updated to validate the instance and subsystem before proceeding with the operation. https://fedorahosted.org/pki/ticket/2399
* Separated TPS does not automatically receive shared secret from remote TKS.Jack Magne2016-07-019-197/+435
| | | | | | | | | | | | | | | | | | | | | Support to allow the TPS to do the following: 1. Request that the TKS creates a shared secret with the proper ID, pointing to the TPS. 2. Have the TKS securely return the shared secret back to the TPS during the end of configuration. 3. The TPS then imports the wrapped shared secret into it's own internal NSS db permanenty and. 4. Given a name that is mapped to the TPS's id string. Additional fixes: 1. The TKS was modified to actually be able to use multiple shared secrets registered by multiple TPS instances. Caveat: At this point if the same remote TPS instance is created over and over again, the TPS's user in the TKS will accumulate "userCert" attributes, making the exportation of teh shared secret not functional. At this point we need to assume that the TPS user has ONE "userCert" registered at this time.
* Generting Symmetric key fails with key-generate when --usages verify is passedJack Magne2016-07-011-1/+3
| | | | | | | | | Ticket #1114 Minor adjustment to the man page for the key management commands to say which usages are appropriate for sym keys and those appropriate for asym keys. t
* Add HSM informationMatthew Harmsen2016-07-012-1/+180
| | | | | - PKI TRAC Ticket #1405 - Add additional HSM details to 'pki_default.cfg' & 'pkispawn' man pages
* Updated notification message for DB subsystem commandAbhijeet Kasurde2016-07-011-5/+15
| | | | Partially fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1351295
* Updated notification message for TPS subsystem commandAbhijeet Kasurde2016-07-011-8/+26
| | | | Partially fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1351295
* Updated notification message for TKS subsystem commandAbhijeet Kasurde2016-07-011-0/+7
| | | | Partially fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1351295
* Updated notification message for OCSP subsystem commandAbhijeet Kasurde2016-07-011-0/+6
| | | | Partially fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1351295
* Updated notification message for kra-db-vlv* commandAbhijeet Kasurde2016-07-011-15/+23
| | | | Partially Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1351295
* Added instance and subsystem validation for pki-server ca-* commands.Endi S. Dewata2016-07-011-7/+37
| | | | | | | | | | | The pki-server ca-* commands have been modified to validate the instance and the CA subsystem before proceeding with the operation. The usage() methods and invocations have been renamed into print_help() for consistency. https://fedorahosted.org/pki/ticket/2364
* Fixed pki-server subsystem-cert-update.Endi S. Dewata2016-07-013-96/+120
| | | | | | | | | | | | | | | | | | | | | | The pki-server subsystem-cert-update is supposed to restore the system certificate data and requests into CS.cfg. The command was broken since the CASubsystem class that contains the code to find the certificate requests from database was not loaded correctly. To fix the problem the CASubsystem class has been moved into the pki/server/__init__.py. All pki-server subsystem-* commands have been modified to check the validity of the instance. An option has been added to the pki-server subsystem-cert-show command to display the data and request of a particular system certificate. The redundant output of the pki-server subsystem-cert-update has been removed. The updated certificate data and request can be obtained using the pki-server subsystem-cert-show command. https://fedorahosted.org/pki/ticket/2385
generated by cgit (git 2.34.1) at 2025-09-29 20:33:16 +0000