summaryrefslogtreecommitdiffstats
path: root/base
Commit message (Collapse)AuthorAgeFilesLines
...
* Fixed cert-find performance.Endi S. Dewata2015-07-154-69/+130
| | | | | | | | The CertService.searchCerts() has been modified to use the VLV properly to retrieve just the entries in the requested page, thus reducing the response time and memory requirement. Some classes have been modified to clean up the debugging logs.
* Renamed deprecated pylint 'disable-msg' to 'disable'.Matthew Harmsen2015-07-141-1/+1
|
* Man page updates for cloningAde Lee2015-07-141-6/+41
| | | | Ticket 1076
* Disable 'W1401' anomalous-backslash-in-string pylint warning for regexMatthew Harmsen2015-07-131-0/+1
| | | | expressions used by system call to 'sed'.
* Ticket 1459 Dogtag clients cannot connect when CS is configured with ECCChristina Fu2015-07-136-1/+69
| | | | clients are: cli, HttpClient, and java console
* ecc Console - 1. clean up the tabs in the JSSConnection constructorChristina Fu2015-07-131-45/+45
|
* remove inaccessible URLs from server.xmlMatthew Harmsen2015-07-134-6/+44
| | | | | - PKI TRAC Ticket #1443 - pkidaemon status tomcat list URLs under PKI subsystems which are not accessible
* Fixed NPE during key-retrieve.Endi S. Dewata2015-07-133-105/+125
| | | | | | | | | | | | Keys archived through the KRA connector in CA have null data type attribute which causes a NPE during retrieval using the key-retrieve CLI. The SecurityDataRecoveryService has been modified to consider null data type attribute as asymmetric key type. The KeyRetrieveCLI and KeyService have been modified to generate better debugging messages to help troubleshooting. https://fedorahosted.org/pki/ticket/1481
* Add details on exporting and importing system certs when cloning.Ade Lee2015-07-131-1/+16
| | | | Trac ticket 852, 853
* Ticket 1414: Add documentation of pki_clone_setup_replicationAde Lee2015-07-131-1/+5
|
* pkispawn man page ECC exampleMatthew Harmsen2015-07-101-0/+34
| | | | - PKI TRAC Ticket #1460 - Add 'pkispawn' man page example for ECC
* In-tree tests and linting with toxChristian Heimes2015-07-104-28/+31
| | | | | | | | | | | | | | | | | | | | | | | | | Before the patch it wasn't possible to run pylint outside a RPM build. The Python sources were split into common and server files in two separate trees. With setup.py and tox the pki package can now be installed and tested in a virtual env. Tox enables developers to automate installation and testing in Python virtual environment. The new tox.ini performs several tasks with one command: * It creates and installs a source distribution of pki packages and its command line scripts * It verifies that all CLI scripts can be execute (using its --help argument). * It runs pylint on all Python files and CLI scripts. * It can run flake8 on all Python and CLI files (disabled for now). * Finally it builds Sphinx autodocs. I had to delay the root check in pkispawn and pkidestroy and modify two files to get rid of Sphinx warnings. https://fedorahosted.org/pki/ticket/696 http://tox.readthedocs.org
* The man page for tpsclient does not exist.Jack Magne2015-07-093-9/+151
| | | | | | Ticket #1629 Provide a man page for the tool "tpsclient".
* Fixed user-cert-add --serial with remote CA.Endi S. Dewata2015-07-099-238/+396
| | | | | | | | | | | | | | | | | The user-cert-add command has been modified to ask the user for the CA server URI if the CA is not available locally. A new SubsystemClient.exists() method has been added to check whether a subsystem is deployed on the target instance. The SubsystemCLI has been modified to call logout() only if the operation is executed successfully. The certificate approval callback class has been refactored out of PKIConnection into a separate class to clean up circular dependency with PKIClient. https://fedorahosted.org/pki/ticket/1448
* Fixed default cert-find filter.Endi S. Dewata2015-07-063-129/+136
| | | | | | | | To improve the performance the default LDAP filter generated by cert-find has been changed to (certStatus=*) to match an existing VLV index. https://fedorahosted.org/pki/ticket/1449
* Verify raw profile config before accepting itFraser Tweedale2015-07-061-1/+42
| | | | | | | | | | | | Creating or modifying a profile with bad profile data in the "raw" format succeeds and saves the bad data. After restart, the profile cannot be loaded and attempting to use, modify or delete or recreate the profile will fail. Verify raw profile data by instantiating a temporary profile and attempting to initialise it with the received configuration. Fixes: https://fedorahosted.org/pki/ticket/1462
* Omit OCSP from clone description.Jack Magne2015-07-061-4/+4
| | | | | Ticket #1358. Also note that OCSP cloning is unsupported as of now.
* Note on overriding pki_client_dir when using an HSMMatthew Harmsen2015-07-061-0/+3
| | | | | | - PKI TRAC Ticket #1425 - pkispawn CA with HSM - if the config file has pki_client related params the dir is not created and the admin cert p12 file is stored nowhere
* Ticket 1447 pkispawn: findCertByNickname fails to find cert in creating ↵Christina Fu2015-07-061-5/+9
| | | | shared tomcat subsystems on HSM
* Fixed fail-over in HttpConnection.Endi S. Dewata2015-07-025-142/+154
| | | | | | | | | | | The HttpConnection class has been modified to support fail-over and timeout more consistently. The targets are parsed into a list during initialization. All direct calls to HttpClient.connect() are replaced with a method that will connect to the first available target. All connections are now created with a timeout (which by default is 0). https://fedorahosted.org/pki/ticket/891
* Fixed NPE in key-archive CLI.Endi S. Dewata2015-07-022-15/+16
| | | | | | | | The pki CLI has been modified such that if the security database location (-d) is not specified, the config.certDatabase will be initialized with the default value (i.e. ~/.dogtag/nssdb). The config.certDatabase is needed by the CLI to prepare the client library for key archival operations.
* Fixed pki help CLI.Endi S. Dewata2015-07-0213-6/+148
| | | | | | A new findModules() method has been added to the CLI class to find the list of modules handling a command. The list will be used by the pki help CLI to find the proper man page for the specified command.
* Unable to select ECC Curves from EE fix.Jack Magne2015-07-021-1/+80
| | | | | | | | | | | | | | | | Ticket #1446: Without the crypto object, the user is now presented with a very bared bones keygen tag powered UI. ONe can only select a key strength and only use RSA. This fix adds simple UI to make better use of the keygen tag: 1. Allows the use of ECC. 2. Gives simple info on how the key strengths map to RSA key size and ECC curves. When the user selects High, they get RSA 2043, and ECC nistp384. When the user selects Medium, they get RSA 1024, and ECC nistp256.
* Limited Interactive Installation SupportMatthew Harmsen2015-07-022-33/+56
| | | | | - PKI TRAC Ticket #1441 - Lack of Interactive Installation Support (Cloning, Subordinates, Externals, HSMs, ECC)
* Fix Pin Reset tokenType resolution.Jack Magne2015-07-012-13/+31
| | | | | | | Ticket #1423 Pin reset operation using tpsclient fails. Recently we had added a new way to resolve the profile. That new method was not used in the PinReset Processor. This fix addresses that and allows the Pin Reset operation to complete.
* Add GP211 applet and latest GP201 applet for RSA.Jack Magne2015-07-015-43/+34
| | | | | | | | | Ticket # 793: Add support for Secure Channel Protocol 02 Properly select the coolkey applet in the "getAppletVersion" routine. For some reason the gp211 applet revealed this issue. Tested to work with both gp211 scp02 card and gp201 scp01 card.
* Ability to toggle profile usablity in Web vs CLI tools.Jack Magne2015-07-011-3/+2
| | | | | | | | | | | | | | | | | | | | | | | | | Ticket #1442. This fix gives the command line enrollment commands the ability to enroll a cert against a profile that has been marked as not visible but "enabled". With the simple fix the following scenarios tested to work: The "caUserCert" Profile was marked as not visible, but enabled. 1. pki -c Secret123 client-cert-request --profile caUserCert uid=jmagne This is the simplest form of user cert enrollment. 2. pki ca-cert-request-profile-show caUserCert --output testuser.xml pki ca-cert-request-submit testuser.xml The first command gives us the profile's xml file, which after modification is used to enroll. 3. pki -d ~/.dogtag/pki -c "" -n "PKI Administrator for localdomain" ca-profile-show caUserCert This one shows that we can view the contents of a non visible profile. Listing is not allowed. We felt this appropiate to allow a command line user to get the details of a non visible profile that they know aobut and want to use.
* Ticket 1438 pkispawn: SSL_ForceHandshake issue for non-CA on HSM on both ↵Christina Fu2015-07-011-35/+72
| | | | shared and nonshared tomcat instances
* Cleaned up SystemConfigService.configureClone().Endi S. Dewata2015-07-012-51/+23
| | | | | | The getCloningData() in SystemConfigService has been renamed to configureClone(). Redundant try-catch blocks have been removed. Some exception messages have been modified to include more info.
* Cleaned up SystemConfigService.validateRequest().Endi S. Dewata2015-07-014-34/+41
| | | | | | | | | | The configure() in SystemConfigService method has been modified to log only the error message in normal responses but log the full stack trace when unexpected issues occur. The validateData() in SystemConfigService has been renamed to validateRequest() for clarity. The log messages have been modified to include the invalid values entered in the request.
* Updated pki man page.Endi S. Dewata2015-06-301-0/+25
| | | | | | | The pki man page has been updated to describe results paging parameters. https://fedorahosted.org/pki/ticket/1122
* Updated pki-cert man page.Endi S. Dewata2015-06-301-0/+67
| | | | | | | The man page for pki-cert has been modified to describe the file format used to specify the search constraints. https://fedorahosted.org/pki/ticket/995
* Fixed Modutil.is_security_module_registered().Endi S. Dewata2015-06-291-45/+45
| | | | | | | | Due to issues with HSM the Modutil.is_security_module_registered() has been modified to the get the list of all registered modules and then use it to check if a module is registered. https://fedorahosted.org/pki/ticket/1444
* Fixed selftests log message.Endi S. Dewata2015-06-2315-809/+449
| | | | | | | | | | | | | The SelfTestSubsystem has been modified to display a 'successful' message only if all tests have passed. If a test fails, it will log a failure, subsequent tests will not be executed, and the subsystem will shutdown immediately. The runSelfTest() in various tests have been cleaned up to throw the original exception to help troubleshooting. The unused RAPresence test has been removed. https://fedorahosted.org/pki/ticket/1249
* Fixed ProxyRealm for Tomcat 8.Endi S. Dewata2015-06-191-0/+5
| | | | | The Realm interface has changed in recent Tomcat 8 version. The ProxyRealm class that implements it has been updated accordingly.
* Add profiles schema update fileFraser Tweedale2015-06-191-0/+4
| | | | | | | | | Dogtag does not yet have a reliable way to update its schema, but FreeIPA does need to add the new schema for LDAP-based profiles during upgrade to 4.2. As a temporary solution until Dogtag can manage its own schema updates (including when deployed as FreeIPA CA), FreeIPA will perform the schema upgrade. Provide a schema file that FreeIPA can use to do this.
* Displaying pkispawn/pkidestroy log file names.Endi S. Dewata2015-06-182-0/+4
| | | | | To simplify troubleshooting the pkispawn and pkidestroy have been modified to show the name of the log file used in each run.
* Check security module registrationMatthew Harmsen2015-06-182-0/+59
| | | | | | - PKI TRAC Ticket #1426 - pkispawn of KRA on HSM fails (shared instances) - PKI TRAC Ticket #1427 - pkispawn of OCSP on HSM fails (shared instances) - PKI TRAC Ticket #1429 - pkispawn of TKS on HSM fails (shared instances)
* Fixed thread leaks during shutdown.Endi S. Dewata2015-06-1836-92/+137
| | | | | | | | Various codes have been modified to properly stop threads during shutdown. A new ID attribute has been added to the LDAP connection factory classes to help identify leaking threads. https://fedorahosted.org/pki/ticket/1327
* ticket 867 symkey library path link fixChristina Fu2015-06-182-0/+9
|
* Fixed pkidaemon to show TPS status.Endi S. Dewata2015-06-183-5/+36
| | | | | | | The operations script and the server.xml templates have been modified to display TPS status in pkidaemon. https://fedorahosted.org/pki/ticket/1278
* Fixed typos in Web UI.Endi S. Dewata2015-06-182-2/+2
|
* Fix for HSM cloning issueMatthew Harmsen2015-06-172-0/+47
|
* fix pylint issueChristina Fu2015-06-171-2/+2
|
* add pkiuser to nfast groupMatthew Harmsen2015-06-164-0/+96
| | | | - PKI TRAC Ticket #1415 - nCipher HSM: Add 'pkiuser' to 'nfast' group
* Startup log message improvementes.Endi S. Dewata2015-06-163-9/+96
| | | | | | | | The PKIListener has been modified to verify that all subsystems are running and to show the command to enable the subsystem if it was disabled due to errors. https://fedorahosted.org/pki/ticket/1406
* CRMFPopClient improvements.Endi S. Dewata2015-06-161-12/+33
| | | | | | The CRMFPopClient has been modified to use the HttpClient library to connect to the server, to show the HTTP status code if an error occurs, and to show the NSS database directory in verbose mode.
* Suppress interactive HSM installationMatthew Harmsen2015-06-161-15/+20
| | | | - PKI TRAC Ticket #1417 - Interactive pkispawn of CA with HSM fails
* Mozilla crypto object warning:Jack Magne2015-06-162-1/+8
| | | | | | Provide simple textual warning when the user is using a browser that no longer supports the crypto object, which results in reduced CA certficat enrollment functionality. For simplicity provide the warning at the top of the main index page and at the top of the CA's services page. The services page is where the pkispawn of the CA points the uers after installation. The ticket originally called for a JS warnign but the simple text warning should be less intrusive and repetitive to the user. Ticket #1398 Provide UI Javascript warning for missing Mozilla Crypto Object in the CA.
* Warning for the main index to tell the user that the crypto object is not ↵Jack Magne2015-06-161-0/+8
| | | | available for use in the browser.
generated by cgit (git 2.34.1) at 2025-10-01 01:12:00 +0000