| Commit message | Author | Age | Files | Lines |
|
The replicationdb password is an instance parameter and should
be created by the first subsystem in the instance. This should
happen independently of whether replication is being set up
in case it is needed to set up replication (as a master) later.
Related to Ticket 1414
|
The PKCS12Export has been fixed to handle ObjectNotFoundException
when exporting certificates without private keys.
https://fedorahosted.org/pki/ticket/1506
|
A new man page has been added for the pki tps-profile CLI. The
CLI has been modified to refer to the new man page.
Some other man pages have been cleaned up as well.
https://fedorahosted.org/pki/ticket/1271
|
The man pages for pkispawn and pki_default.cfg have been updated
to include TPS deployment parameters.
https://fedorahosted.org/pki/ticket/1277
|
The instruction to set up secure LDAP connection in the pkispawn
man page has been updated. The sample deployment configuration
file has been made more generic. The setup-ds.pl has been removed
from the instruction since generating a self-signed certificate
requires a DS admin server. The URL to download setupssl2.sh has
been changed with a more direct link. The sample LDAP password
has been changed to match the current deployment configuration
examples. Some paragraphs have been line wrapped to simplify man
page development.
|
A new man page has been added for the pki <subsystem>-audit CLI.
Due to database upgrade issue the command is currently only
available in TPS.
https://fedorahosted.org/pki/ticket/1437
|
Due to database upgrade issue the pki <subsystem>-audit CLI has
been removed from all subsystems except TPS.
The AuditModifyCLI has been modified to clarify that the --action
and the --input parameters are mutually exclusive.
https://fedorahosted.org/pki/ticket/1437
|
- PKI TRAC Ticket #1492 - remove pki-proxy-setup
|
Ticket #1486.
|
The /root in pkispawn man page has been replaced with a more
generic $HOME.
An incorrect /root in the following example has been removed:
semanage -a -t pki_tomcat_cert_t /root/backup_keys.p12
|
Ticket #1466.
Also remove some needless copies of server.xml from the code.
|
The pkispawn man page has been updated to clarify the section
headers of various deployment scenarios. Some paragraphs have
been line wrapped to simplify man page development. The existing
sample password has been replaced with another password that does
not match a parameter name to simplify search and replace for
customization.
|
When getting a token from the security domain for a Dogtag 9
system, we first attempt to reach the REST interfaces. When this
fails (with 404 exception), we catch the exception and try the
old interfaces.
The exception being thrown has been changed from the deprecated
ClientResponseFailure to being wrapped in a PKIException, so the
code catching the exception needs to be modified accordingly.
Ticket 1495
|
Trac ticket 1356
|
pki.handle_exceptions() raises a JSON decode exception when the body of
the HTTPException is not a valid JSON string. The JSON exception hides
the true error message.
The patch also fixes a bug in PKIException.from_json(). The code and
ClassName attribute are now correctly set. Finally we have our first
unit test.
https://fedorahosted.org/pki/ticket/1488
https://fedorahosted.org/freeipa/ticket/5129
|
The PKCS12Export has been modified such that if an error occurs
in normal mode it will display the error message and in debug
mode it will display the full stack trace.
The code has also been refactored such that it can be reused as a
library in addition to command-line tool. The code will now throw
exceptions instead of exiting to the system.
https://fedorahosted.org/pki/ticket/1224
|
The CertService.searchCerts() has been modified to use the VLV
properly to retrieve just the entries in the requested page, thus
reducing the response time and memory requirement.
Some classes have been modified to clean up the debugging logs.
|
Ticket 1076
|
expressions used by system call to 'sed'.
|
clients are: cli, HttpClient, and java console
|
- PKI TRAC Ticket #1443 - pkidaemon status tomcat list URLs under PKI
subsystems which are not accessible
|
Keys archived through the KRA connector in CA have null data type
attribute which causes a NPE during retrieval using the key-retrieve
CLI. The SecurityDataRecoveryService has been modified to consider
null data type attribute as asymmetric key type.
The KeyRetrieveCLI and KeyService have been modified to generate
better debugging messages to help troubleshooting.
https://fedorahosted.org/pki/ticket/1481
|
Trac ticket 852, 853
|
- PKI TRAC Ticket #1460 - Add 'pkispawn' man page example for ECC
|
Before the patch it wasn't possible to run pylint outside a RPM build.
The Python sources were split into common and server files in two
separate trees. With setup.py and tox the pki package can now be
installed and tested in a virtual env.
Tox enables developers to automate installation and testing in Python
virtual environment. The new tox.ini performs several tasks with one
command:
* It creates and installs a source distribution of pki packages and its
command line scripts
* It verifies that all CLI scripts can be executed (using its --help
argument).
* It runs pylint on all Python files and CLI scripts.
* It can run flake8 on all Python and CLI files (disabled for now).
* Finally it builds Sphinx autodocs.
I had to delay the root check in pkispawn and pkidestroy and modify two
files to get rid of Sphinx warnings.
https://fedorahosted.org/pki/ticket/696
http://tox.readthedocs.org
|
Ticket #1629
Provide a man page for the tool "tpsclient".
|
The user-cert-add command has been modified to ask the user for
the CA server URI if the CA is not available locally.
A new SubsystemClient.exists() method has been added to check
whether a subsystem is deployed on the target instance.
The SubsystemCLI has been modified to call logout() only if
the operation is executed successfully.
The certificate approval callback class has been refactored out
of PKIConnection into a separate class to clean up circular
dependency with PKIClient.
https://fedorahosted.org/pki/ticket/1448
|
To improve the performance the default LDAP filter generated by
cert-find has been changed to (certStatus=*) to match an existing
VLV index.
https://fedorahosted.org/pki/ticket/1449
|
Creating or modifying a profile with bad profile data in the "raw"
format succeeds and saves the bad data. After restart, the profile
cannot be loaded and attempting to use, modify or delete or recreate
the profile will fail.
Verify raw profile data by instantiating a temporary profile and
attempting to initialise it with the received configuration.
Fixes: https://fedorahosted.org/pki/ticket/1462
|
Ticket #1358.
Also note that OCSP cloning is unsupported as of now.
|
- PKI TRAC Ticket #1425 - pkispawn CA with HSM - if the config file has
pki_client related params the dir is not created and the admin cert p12 file
is stored nowhere
|
shared tomcat subsystems on HSM
|
The HttpConnection class has been modified to support fail-over
and timeout more consistently. The targets are parsed into a list
during initialization. All direct calls to HttpClient.connect()
are replaced with a method that will connect to the first available
target. All connections are now created with a timeout (which by
default is 0).
https://fedorahosted.org/pki/ticket/891
|
The pki CLI has been modified such that if the security database
location (-d) is not specified, the config.certDatabase will be
initialized with the default value (i.e. ~/.dogtag/nssdb). The
config.certDatabase is needed by the CLI to prepare the client
library for key archival operations.
|
A new findModules() method has been added to the CLI class to find
the list of modules handling a command. The list will be used by the
pki help CLI to find the proper man page for the specified command.
|
Ticket #1446:
Without the crypto object, the user is now presented with a very bare bones
keygen tag powered UI. One can only select a key strength and only use RSA.
This fix adds simple UI to make better use of the keygen tag:
1. Allows the use of ECC.
2. Gives simple info on how the key strengths map to RSA key size and
ECC curves.
When the user selects High, they get RSA 2043, and ECC nistp384.
When the user selects Medium, they get RSA 1024, and ECC nistp256.
|
- PKI TRAC Ticket #1441 - Lack of Interactive Installation Support
(Cloning, Subordinates, Externals, HSMs, ECC)
|
Ticket #1423 Pin reset operation using tpsclient fails.
Recently we had added a new way to resolve the profile. That new method was
not used in the PinReset Processor. This fix addresses that and allows the Pin Reset operation to complete.
|
Ticket # 793: Add support for Secure Channel Protocol 02
Properly select the coolkey applet in the "getAppletVersion" routine.
For some reason the gp211 applet revealed this issue.
Tested to work with both gp211 scp02 card and gp201 scp01 card.
|
Ticket #1442.
This fix gives the command line enrollment commands the ability to enroll a cert against a profile
that has been marked as not visible but "enabled".
With the simple fix the following scenarios tested to work:
The "caUserCert" Profile was marked as not visible, but enabled.
1. pki -c Secret123 client-cert-request --profile caUserCert uid=jmagne
This is the simplest form of user cert enrollment.
2. pki ca-cert-request-profile-show caUserCert --output testuser.xml
pki ca-cert-request-submit testuser.xml
The first command gives us the profile's xml file, which after modification is used to enroll.
3. pki -d ~/.dogtag/pki -c "" -n "PKI Administrator for localdomain" ca-profile-show caUserCert
This one shows that we can view the contents of a non visible profile. Listing is not allowed.
We felt this appropriate to allow a command line user to get the details of a non visible profile that
they know about and want to use.
|
shared and nonshared tomcat instances
|
The getCloningData() in SystemConfigService has been renamed to
configureClone(). Redundant try-catch blocks have been removed.
Some exception messages have been modified to include more info.
|
The configure() in SystemConfigService method has been modified to
log only the error message in normal responses but log the full
stack trace when unexpected issues occur.
The validateData() in SystemConfigService has been renamed to
validateRequest() for clarity. The log messages have been modified
to include the invalid values entered in the request.
|
The pki man page has been updated to describe results paging
parameters.
https://fedorahosted.org/pki/ticket/1122
|
The man page for pki-cert has been modified to describe the file
format used to specify the search constraints.
https://fedorahosted.org/pki/ticket/995
|
Due to issues with HSM the Modutil.is_security_module_registered()
has been modified to get the list of all registered modules
and then use it to check if a module is registered.
https://fedorahosted.org/pki/ticket/1444
|