path: root/base
Commit message | Author | Age | Files | Lines
...
* Fixed selftests log message. | Endi S. Dewata | 2015-06-23 | 15 | -809/+449
| The SelfTestSubsystem has been modified to display a 'successful' message only if all tests have passed. If a test fails, it will log a failure, subsequent tests will not be executed, and the subsystem will shut down immediately. The runSelfTest() in various tests have been cleaned up to throw the original exception to help troubleshooting. The unused RAPresence test has been removed.
| https://fedorahosted.org/pki/ticket/1249
* Fixed ProxyRealm for Tomcat 8. | Endi S. Dewata | 2015-06-19 | 1 | -0/+5
| The Realm interface has changed in recent Tomcat 8 version. The ProxyRealm class that implements it has been updated accordingly.
* Add profiles schema update file | Fraser Tweedale | 2015-06-19 | 1 | -0/+4
| Dogtag does not yet have a reliable way to update its schema, but FreeIPA does need to add the new schema for LDAP-based profiles during upgrade to 4.2. As a temporary solution until Dogtag can manage its own schema updates (including when deployed as FreeIPA CA), FreeIPA will perform the schema upgrade. Provide a schema file that FreeIPA can use to do this.
* Displaying pkispawn/pkidestroy log file names. | Endi S. Dewata | 2015-06-18 | 2 | -0/+4
| To simplify troubleshooting the pkispawn and pkidestroy have been modified to show the name of the log file used in each run.
* Check security module registration | Matthew Harmsen | 2015-06-18 | 2 | -0/+59
| - PKI TRAC Ticket #1426 - pkispawn of KRA on HSM fails (shared instances)
| - PKI TRAC Ticket #1427 - pkispawn of OCSP on HSM fails (shared instances)
| - PKI TRAC Ticket #1429 - pkispawn of TKS on HSM fails (shared instances)
* Fixed thread leaks during shutdown. | Endi S. Dewata | 2015-06-18 | 36 | -92/+137
| Various codes have been modified to properly stop threads during shutdown. A new ID attribute has been added to the LDAP connection factory classes to help identify leaking threads.
| https://fedorahosted.org/pki/ticket/1327
* ticket 867 symkey library path link fix | Christina Fu | 2015-06-18 | 2 | -0/+9
|
* Fixed pkidaemon to show TPS status. | Endi S. Dewata | 2015-06-18 | 3 | -5/+36
| The operations script and the server.xml templates have been modified to display TPS status in pkidaemon.
| https://fedorahosted.org/pki/ticket/1278
* Fixed typos in Web UI. | Endi S. Dewata | 2015-06-18 | 2 | -2/+2
|
* Fix for HSM cloning issue | Matthew Harmsen | 2015-06-17 | 2 | -0/+47
|
* fix pylint issue | Christina Fu | 2015-06-17 | 1 | -2/+2
|
* add pkiuser to nfast group | Matthew Harmsen | 2015-06-16 | 4 | -0/+96
| - PKI TRAC Ticket #1415 - nCipher HSM: Add 'pkiuser' to 'nfast' group
* Startup log message improvements. | Endi S. Dewata | 2015-06-16 | 3 | -9/+96
| The PKIListener has been modified to verify that all subsystems are running and to show the command to enable the subsystem if it was disabled due to errors.
| https://fedorahosted.org/pki/ticket/1406
* CRMFPopClient improvements. | Endi S. Dewata | 2015-06-16 | 1 | -12/+33
| The CRMFPopClient has been modified to use the HttpClient library to connect to the server, to show the HTTP status code if an error occurs, and to show the NSS database directory in verbose mode.
* Suppress interactive HSM installation | Matthew Harmsen | 2015-06-16 | 1 | -15/+20
| - PKI TRAC Ticket #1417 - Interactive pkispawn of CA with HSM fails
* Mozilla crypto object warning: | Jack Magne | 2015-06-16 | 2 | -1/+8
| Provide simple textual warning when the user is using a browser that no longer supports the crypto object, which results in reduced CA certificate enrollment functionality. For simplicity provide the warning at the top of the main index page and at the top of the CA's services page. The services page is where the pkispawn of the CA points the users after installation. The ticket originally called for a JS warning but the simple text warning should be less intrusive and repetitive to the user.
| Ticket #1398 Provide UI Javascript warning for missing Mozilla Crypto Object in the CA.
* Warning for the main index to tell the user that the crypto object is not available for use in the browser. | Jack Magne | 2015-06-16 | 1 | -0/+8
|
* Run pylint on upgrade scripts | Christian Heimes | 2015-06-16 | 25 | -44/+43
| pylint-build-scan.sh doesn't check the upgrader's Python files yet. This patch adds the common and server upgrade scripts to pylint-build-scan.sh. It also fixes a couple of pylint violations, mostly missing calls to __init__().
* Make pki group-member-show case insensitive | Christian Heimes | 2015-06-16 | 1 | -2/+2
| Make the memberID argument of getGroupMember() case insensitive. The groupID argument is already case insensitive. The groupID string is used as CN element in an LDAP query, which is case insensitive by definition.
| https://fedorahosted.org/pki/ticket/1069
* Add new KRA audit events to KRA's CS.cfg | Christian Heimes | 2015-06-16 | 2 | -0/+76
| The patch implements an updater, that adds the new KRA signed audit events (#1160) to KRA's CS.cfg.
| https://fedorahosted.org/pki/ticket/1382
* NPE when modifying profile without 'action' param | Christian Heimes | 2015-06-16 | 1 | -0/+5
| In modifyProfileState check the 'action' query parameter for NULL and raise a BadRequestException when the parameter is not set.
| https://fedorahosted.org/pki/ticket/1361
* Update: fix CS.cfg permissions | Fraser Tweedale | 2015-06-16 | 1 | -0/+1
| The 10.2.3/02-FixBindPWPrompt upgrade scriptlet leaves CS.cfg owned by root. chown CS.cfg to the instance owner.
* Upgrade: add scriptlet to fix nuxwdog listener class | Fraser Tweedale | 2015-06-16 | 1 | -0/+36
|
* Upgrade: check file exists before chowning | Fraser Tweedale | 2015-06-16 | 1 | -1/+2
| Dogtag entered a state where an upgrade script failed before it was trying to chown a file that didn't exist. Add a check that the file exists.
* Invoke PKIInstance.load() during upgrade | Fraser Tweedale | 2015-06-16 | 1 | -0/+3
| Some upgrade servlets use attributes loaded when PKIInstance.load() is invoked, but it may not have been; breakage ensues. Invoke it before executing upgrade scriptlets.
* Ticket 1412 Should disable the caCrossSignedCACert and caRACert profile | Christina Fu | 2015-06-15 | 2 | -4/+4
|
* Ticket 1410 Issue with Generic Extension being critical | Christina Fu | 2015-06-15 | 4 | -10/+35
| - patch ported from https://bugzilla.redhat.com/show_bug.cgi?id=1011984
* Cleaned up links in main page. | Endi S. Dewata | 2015-06-11 | 7 | -135/+20
| The ROOT's index.jsp has been modified to show the links to all subsystems installed on the instance. When opened, it will show the services provided by the subsystem.
| The pkispawn output has been modified to show the subsystem URL more consistently:
| https://<hostname>:<port>/<subsystem>
| In all subsystems except TPS the page will redirect to:
| https://<hostname>:<port>/<subsystem>/services
* Remove x86 architecture limitations | Matthew Harmsen | 2015-06-11 | 8 | -146/+3
| - PKI Trac Ticket #1392 - Remove i686/x86_64 architecture
* Fixed NPE in ROOT's index.jsp. | Endi S. Dewata | 2015-06-08 | 1 | -17/+27
| The ROOT's index.jsp has been modified to check each subsystem's servlet context for null before accessing the value.
| https://fedorahosted.org/pki/ticket/1407
* Added man page for pki group-member. | Endi S. Dewata | 2015-06-08 | 3 | -24/+122
| https://fedorahosted.org/pki/ticket/1064
* Added man page for pki user-cert. | Endi S. Dewata | 2015-06-08 | 3 | -0/+111
| https://fedorahosted.org/pki/ticket/849
* Fixed man page for pki user-mod. | Endi S. Dewata | 2015-06-08 | 1 | -8/+18
| https://fedorahosted.org/pki/ticket/835
* Ticket 867 Need to support TPS as a separate tomcat instance. | Christina Fu | 2015-06-01 | 3 | -11/+1
| This patch addressed the issue that TPS on independent Tomcat is missing symlink to symkey.jar and causes all symkey method reference to fail
* remove extra space in CS.cfg for op.format.soCleanSOToken.validateCardKeyInfoAgainstTokenDB=true | Christina Fu | 2015-05-29 | 1 | -1/+1
|
* Fixed overwritten deployment property. | Endi S. Dewata | 2015-05-29 | 2 | -2/+1
| The pki_pin has been removed from the default.cfg to avoid overwriting the randomly generated default value.
| https://fedorahosted.org/pki/ticket/1393
* Fix typo in CS.cfg | Ade Lee | 2015-05-29 | 1 | -1/+1
|
* BZ1226025 - pkidaemon script checks for wrong symlinks for nuxwdog startup | Ade Lee | 2015-05-29 | 1 | -7/+13
| Fixed startup script to account for nuxwdog
* Cleaned up python docs generation. | Endi S. Dewata | 2015-05-28 | 6 | -65/+65
| The script to generate Python docs has been cleaned up and simplified. The python-sphinx configuration files have been moved into base/common/python. The build artifacts are now created in the build/base/common/python.
* PKI TRAC Ticket #1388 - pylint unidiomatic-typecheck warnings cause koji builds to fail | Matthew Harmsen | 2015-05-26 | 2 | -4/+5
| (cherry picked from commit d2c24aff4e9dc6aa27b337479cfee1fac4940994)
* Ticket 1309 Recovering of a revoked cert erroneously reflects "active" in the token db cert entry | Christina Fu | 2015-05-22 | 9 | -18/+215
|
* disable backup keys and share master keys when using an HSM | Matthew Harmsen | 2015-05-22 | 3 | -6/+51
| - PKI TRAC Ticket #1371 - pkispawn: need to disable backup_keys when using an HSM (and provide recommendation); allow clones to share keys
* Added deployment parameters to construct pki_clone_uri. | Endi S. Dewata | 2015-05-22 | 3 | -4/+6
| New parameters have been added into the default.cfg to specify the master hostname and port for pki_clone_uri. By default they point to the security domain. The man page has been updated as well.
| https://fedorahosted.org/pki/ticket/1385
* Fixed key archival problem in CLI with separate KRA instance. | Endi S. Dewata | 2015-05-22 | 3 | -60/+108
| The CLI has been modified such that when enrolling a certificate with key archival it will obtain the transport certificate from the CA instead of KRA because the KRA may not reside on the same instance. The CA REST service has been modified such that it will obtain the transport certificate from the KRA connector.
| https://fedorahosted.org/pki/ticket/1384
* Cleaned up log messages in ConfigurationUtils.getPortFromSecurityDomain(). | Endi S. Dewata | 2015-05-22 | 1 | -4/+16
| https://fedorahosted.org/pki/ticket/1372
* Use SimpleProperties to handle raw profile format | Fraser Tweedale | 2015-05-22 | 1 | -2/+21
| The store() method of the 'Properties' class escapes '=' and ':' in values, corrupting the profile data. Continue using 'Properties' to read the input (unescaping values) then copy the properties into a 'SimpleProperties' object so that unwanted backslashes do not appear in the output.
* Ticket 1307 (part2 keySet mapping) [RFE] Support multiple keySets for different cards for ExternalReg | Christina Fu | 2015-05-21 | 10 | -242/+477
| This patch adds support to keyset mapping
* Ticket 1307 (part1 refactoring) [RFE] Support multiple keySets for different cards for ExternalReg | Christina Fu | 2015-05-21 | 10 | -246/+249
| This patch is mainly refactoring the names of the Mapping Resolver framework in preparation for ticket 1307 to support keySet mapping in addition to the original purpose of resolving tokenType mapping. The reason to separate out refactoring from the real code is for ease of reviewing. TPS is currently a Tech Preview feature, so upgrade is not of consideration at the moment.
* Fix XSS attacks on the dogtag administration page #1373. | Jack Magne | 2015-05-15 | 12 | -141/+127
| Porting this set of fixes over from last downstream release upstream.
| Upon further review, decided to fix a few missing things pointed out by the code review and a few other things:
| 1. Too many copies of escapeJavaScriptString all over the place. Consolidated the two related functions "escapeJavaScriptString" and "escapeJavaScriptStringHTML" methods in the CMSTemplate class to be called everywhere. Removed the duplicated methods in other classes.
| 2. There were some places where "escapeJavaScriptString" was called, when we really wanted "escapeJavaScriptStringHTML". Fixed that everywhere. One reason for this is a copied version of "escapeJavaScriptString" actually was identical to CMSTemplate.escapeJavaScriptString, which has been removed.
| XSS fixes.
* Ticket 1160 audit needed for getKeyInfo; audit missing for auth/authz at REST. | Christina Fu | 2015-05-14 | 4 | -46/+166
| This patch addresses: (2) audit needed for getKeyInfo, the 2nd part of this ticket where the key services are missing some auditing.