summaryrefslogtreecommitdiffstats
path: root/base
Commit message (Collapse)AuthorAgeFilesLines
...
* OCSP and CA minor cloning fixesJack Magne2015-05-012-20/+80
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Tickets #1294, #1058 The patch does the following: 1. Allows an OCSP clone to actually install and operate. It also sets a param appropriate for an OCSP clone. Ticket #1058 The controversial part of this one is the fact that I have disabled having OCSP clones register themselves to the CA as publishing target. The master is already getting the updates and we rely upon replication to keep the clones updated. The current downside is the master is on an island with respect to updates and could be considered a single point of failure. Thus my proposal for this simple patch is to get the OCSP clone working as in existing functionality. Then we come back and propose a ticket to allow the installer OCSP clones to set up the publishers in such a way that all clones and master are registered, but when it is actually time to publish, the CRL publisher has the smarts to know that members of a clone cluster are in a group and the first successfull publish should end the processing of that group. 2. Allows the CA clone to set some params to disable certain things that a clone should not do. This was listed as a set of misc post install tasks that we are trying to automate. Code tested to work. 1. OCSP clones can be installed and the CRL were checked to be in sync when an update occured to the master. 2. The CA clone has been seen to have the required params and it looks to come up just fine. Final review minor changes to tickets, 1294, and 1058.
* Fix interactive install to not reprompt for portsAde Lee2015-04-293-7/+53
| | | | | Ports are already set when deploying into an existing instance. Having a user re-enter these is repetitious and error prone.
* Trac Ticket 1196 - serverCertNick.conf is replaced incorrectlyAde Lee2015-04-291-1/+3
| | | | | When second subsystem is installed, serverCertNick.conf and other top level tomcat config files should not be replaced.
* Code cleanup - simplify pkispawn codeAde Lee2015-04-2910-749/+716
| | | | | All subsystems are now tomcat instances. Conditionals based on whether the subsystem is a tomcat instance or not are no longer required.
* Ticket #1295 CA: OCSP via GET does not workChristina Fu2015-04-281-0/+5
|
* Add nuxwdog to java policyAde Lee2015-04-281-0/+3
| | | | | This allows PKI server to be loaded with nuxwdog library when java security policy is enabled.
* Add ability to pki-server to enable/disable nuxwdog for an instanceAde Lee2015-04-283-2/+447
| | | | | | This adds the ability to either enable or disable an instance using the pki-server utility. Additional documentation and additions to the man pages will be added in a separate patch.
* Add conditional to disable doclint for javadocs on java >= 1.8Ade Lee2015-04-241-0/+6
|
* Fixed problem deploying without theme.Endi S. Dewata2015-04-241-12/+13
| | | | | | | The deployment tool has been modified to deploy the pki.xml only if the theme package is installed. https://fedorahosted.org/pki/ticket/499
* Fix some javadoc errors that prevent F23 buildAde Lee2015-04-249-18/+3
|
* Remove duplicate prompt on nuxwdog startupAde Lee2015-04-236-5/+54
|
* Added direct deployment for theme.Endi S. Dewata2015-04-239-29/+163
| | | | | | | | The deployment tool has been modified to deploy the theme files directly from /usr/share/pki. New deployment descriptors have been added for admin templates and JS library. https://fedorahosted.org/pki/ticket/499
* Added missing "logo" theme properties to OCSP and TKS "ports.template".Matthew Harmsen2015-04-222-2/+2
|
* Parameterized CA templates.Endi S. Dewata2015-04-226-31/+157
| | | | https://fedorahosted.org/pki/ticket/1296
* Enumerate profiles in order of discoveryFraser Tweedale2015-04-233-4/+8
| | | | | | Recent change (d83f688) changed the order of profile enumeration. Track profiles using a LinkedHashMap to restore old behaviour where profiles were enumerated in the order they were discovered.
* OCSP Parameterized.Jack Magne2015-04-225-28/+128
|
* Moved color settings to CSS.Endi S. Dewata2015-04-2279-80/+127
| | | | | | | The templates have been modified to remove hard-coded background color settings and use the styles defined in a new CSS file. https://fedorahosted.org/pki/ticket/1296
* Moved CSS files to theme package.Endi S. Dewata2015-04-224-9986/+0
| | | | | | | The CSS files have been moved into the theme package to allow more control of the UI appearance. https://fedorahosted.org/pki/ticket/499
* Moved fonts and images to theme package.Endi S. Dewata2015-04-2221-0/+0
| | | | | | | The fonts and images have been moved into the theme package to allow more control of the UI appearance. https://fedorahosted.org/pki/ticket/499
* Added direct deployment for all subsystems.Endi S. Dewata2015-04-2217-214/+16
| | | | | | | | The deployment tool has been modified to deploy all subsystems directly from the /usr/share/pki. This will simplify updating the templates in the web applications. https://fedorahosted.org/pki/ticket/499
* TKS Parameterized (revised, again)Christina Fu2015-04-225-27/+122
|
* Fixed build issues.Endi S. Dewata2015-04-222-2/+1
| | | | | The code has been modified to fix tomcatjss and python-sphinx issues.
* Fixed typos.Matthew Harmsen2015-04-222-2/+2
|
* Parameterized KRAMatthew Harmsen2015-04-225-28/+122
| | | | - PKI TRAC Ticket #1296 - RHCS 9.0 theme
* Parameterized /ca/agent/header.Endi S. Dewata2015-04-221-2/+23
| | | | https://fedorahosted.org/pki/ticket/1296
* Parameterized /ca/ee/ca/index.html.Endi S. Dewata2015-04-221-6/+24
| | | | https://fedorahosted.org/pki/ticket/1296
* Parameterized ROOT's index.jsp.Endi S. Dewata2015-04-221-2/+27
| | | | https://fedorahosted.org/pki/ticket/1296
* Parameterized service.template in all subsystems.Endi S. Dewata2015-04-224-112/+84
| | | | https://fedorahosted.org/pki/ticket/1296
* Parameterized CA's services.template.Endi S. Dewata2015-04-221-2/+28
| | | | https://fedorahosted.org/pki/ticket/1296
* Add back the getPassword(tag) code to handle old tomcatjss interfaceAde Lee2015-04-221-0/+5
|
* Added pki-server-nuxwdog tool to create config file for nuxwdogAde Lee2015-04-221-0/+43
| | | | | This config file can be used in starting up the instance in a standalone fashion.
* Changes to config files to support nuxwdogAde Lee2015-04-229-1/+20
| | | | Specifically changes to CS.cfg, server.xml and tomcat.conf
* Add nuxwdog functionality to DogtagAde Lee2015-04-2222-48/+606
| | | | | | | | | | | | This is the first of several commits. This adds a LifecycleListener to call init() on the nuxwdog client before any connectors or webapps start up, and call sendEndInit() once initialization completes. Code is also added to prompt for and test required passwords on startup. All that is required to use nuxwdog is to start the server using nuxwdog. An environment variable will be set that will trigger creation of the NuxwdogPasswordStore. We expect tags for the required passwords to be in cms.passwordList
* Only read pki_profiles_in_ldap when spawning CA instanceFraser Tweedale2015-04-221-5/+4
|
* Ticket 1316 Allow adding SAN to server cert during the install processChristina Fu2015-04-2110-10/+239
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Usage: * under /usr/share/pki/ca/conf, you will find a new file called serverCert.profile.exampleWithSANpattern * copy existing serverCert.profile away and replace with serverCert.profile.exampleWithSANpattern * edit serverCert.profile.exampleWithSANpattern - follow the instruction right above 8.default. - save and quit * cd /usr/share/pki/ca/profiles/ca , edit caInternalAuthServerCert.cfg - follow the instruction right above policyset.serverCertSet.9 - save and quit * save away and edit the ca config file for pkispawn: (note: you can add multiple SAN's delimited by ',' for pki_san_server_cert - add the following lines, e.g. pki_san_inject=True pki_san_server_cert=host1.Example.com - do the same pkispawn cfg changes for kra or any other instances that you plan on creating * create your instance(s) check the sl sever cert, it should contain something like the following: Identifier: Subject Alternative Name - 2.5.29.17 Critical: no Value: DNSName: host1.Example.com
* Added server migration command.Endi S. Dewata2015-04-215-16/+597
| | | | | | | | | | | | New pki-server CLI commands have been added to migrate the server configuration from Tomcat 7 to Tomcat 8 and vice versa. These commands can be used later during system upgrade to migrate existing instances from Tomcat 7 in F22 to Tomcat 8 in F23. The Python CLI framework has been refactored to provide a way to find other CLI modules by the command names. https://fedorahosted.org/pki/ticket/1264
* Added support for Tomcat 8.Endi S. Dewata2015-04-2144-30/+1161
| | | | | | | | | | | | The Dogtag code has been modified to support both Tomcat 7 and 8. All files depending on a specific Tomcat version are now stored in separate folders. The build scripts have been modified to use the proper folder for the target platform. The tomcatjss dependency has been updated as well. The upgrade script will be added in a separate patch. https://fedorahosted.org/pki/ticket/1264
* Add HSM passwords to pkispawnMatthew Harmsen2015-04-213-4/+66
| | | | - PKI TRAC Ticket #1200 - make sure pkispawn works with hsm (passwords)
* Bugzilla 1186896 - NIST SP800-108 KDF (cfu for community member) - remove ↵Jack Magne2015-04-201-3/+2
| | | | harmful bit of sanity checking, not needed.
* Bug 1186896 - NIST SP800-108 KDF - add sanity checking.Jack Magne2015-04-172-1/+12
|
* Added bulk property editor in TPS UI.Endi S. Dewata2015-04-177-2/+213
| | | | | | | | | The TPS UI has been modified to provide an interface to edit raw properties as in the configuration file. This also allows editing multiple properties at once and also copy & pasting the properties. https://fedorahosted.org/pki/ticket/936
* Fixed action menu in TPS UI.Endi S. Dewata2015-04-1722-187/+453
| | | | | | | | | | The TPS UI has been modified to display the appropriate actions menu based on the roles of the user. TPS agent can only enable and disable profiles, and also approve or reject pending requests. TPS admin can only edit disabled profiles, then submit it for approval, or cancel the request. https://fedorahosted.org/pki/ticket/1292
* Fixed TPS REST services.Endi S. Dewata2015-04-1714-82/+208
| | | | | | | | The REST services have been modified to support submit and cancel actions. The ACL has been fixed to allow admins and agents to change the status. https://fedorahosted.org/pki/ticket/1292
* Customized TPS UI menu based on user roles.Endi S. Dewata2015-04-1716-58/+108
| | | | | | | | | | | The TPS UI has been modified to customize the navigation menu based on the roles of the user currently logged in. TPS agents do not have access to users, groups, config, authenticators, connectors, profile mappings, audit, and self tests, so the corresponding menu items will be hidden. TPS admins have access to all menu items. https://fedorahosted.org/pki/ticket/1292
* Remove unneeded class EnrollProfileContextFraser Tweedale2015-04-162-35/+2
|
* Fix incorrect class name in debug messageFraser Tweedale2015-04-161-1/+1
|
* Remove duplicate getRequestQueue codeFraser Tweedale2015-04-161-2/+1
|
* Remove unused RequestSubsystem constructorFraser Tweedale2015-04-162-34/+0
|
* Chain InvocationTargetException thrown during PKCS10Attribute decodingFraser Tweedale2015-04-161-1/+1
|
* Ticket 1339 doRevoke error string doesn't clear after failure.Christina Fu2015-04-161-0/+2
| | | | porting from Bugzilla 1150142
generated by cgit (git 2.34.1) at 2025-10-01 07:08:09 +0000