[Pki-devel] Updated External EPEL CentOS 7 COPR builds are now available . . .

2016-06-21 Thread Matthew Harmsen

An updated external EPEL CentOS 7 COPR repo is now available which contains 
Dogtag 10.3.3 builds:

 * https://copr.fedorainfracloud.org/coprs/g/pki/10.3.3/repo/epel-7/group_pki-10.3.3-epel-7.repo

   [group_pki-10.3.3]
   name=Copr repo for 10.3.3 owned by @pki
   baseurl=https://copr-be.cloud.fedoraproject.org/results/@pki/10.3.3/epel-7-$basearch/
   skip_if_unavailable=True
   gpgcheck=1
   gpgkey=https://copr-be.cloud.fedoraproject.org/results/@pki/10.3.3/pubkey.gpg
   enabled=1
   enabled_metadata=1

-- Matt


___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel

[Pki-devel] Karma Request for Dogtag 10.3.3 on Fedora 24

2016-06-21 Thread Matthew Harmsen
The following candidate builds of Dogtag 10.3.3 for Fedora 24 consist of 
the following:


 * dogtag-pki-10.3.3-1.fc24
   
 * dogtag-pki-theme-10.3.3-1.fc24
   
 * pki-core-10.3.3-1.fc24
   
 * pki-console-10.3.3-1.fc24
   

Please provide Karma for these builds in Bodhi located at:

 * https://bodhi.fedoraproject.org/updates/FEDORA-2016-f79d05d2c4
   dogtag-pki-10.3.3-1.fc24
   
 * https://bodhi.fedoraproject.org/updates/FEDORA-2016-a4e6c2b81f
   dogtag-pki-theme-10.3.3-1.fc24
   
 * https://bodhi.fedoraproject.org/updates/FEDORA-2016-bc6bc7b4dc
   pki-core-10.3.3-1.fc24
   
 * https://bodhi.fedoraproject.org/updates/FEDORA-2016-6c3e450b6b
   pki-console-10.3.3-1.fc24
   

Additionally, the following builds have been provided for Fedora 25 
(rawhide):


 * dogtag-pki-10.3.3-1.fc25
   
 * dogtag-pki-theme-10.3.3-1.fc25
   

Unfortunately, Dogtag 10.3.3 is currently broken on Fedora 24 (rawhide) 
due to the following issue:


 * PKI TRAC Ticket #2373 - Fedora 25: RestEasy 3.0.6 ==> 3.0.17 breaks
   pki-core 

which prohibits building:

 * pki-core-10.3.3-1.fc25
 * pki-console-10.3.3-1.fc25 (which depends on
   pki-java-base-10.3.3-1.fc25 that is a part of the
   pki-core-10.3.3-1.fc25 package)

Thanks,
-- Matt


[Pki-devel] [PATCH] 778 Fixed KRA cloning issue.

2016-06-21 Thread Endi Sukma Dewata

The pki pkcs12-import CLI has been modified not to import
certificates that already exist in the NSS database unless
specifically requested with the --overwrite parameter. This
will avoid changing the trust flags of the CA signing
certificate during KRA cloning.

Some other classes have been modified to provide better
debugging information.

https://fedorahosted.org/pki/ticket/2374

--
Endi S. Dewata
>From 49bdc8643bb54779d0c6ea72c7e3ca4bc7f06083 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" 
Date: Tue, 21 Jun 2016 18:39:25 +0200
Subject: [PATCH] Fixed KRA cloning issue.

The pki pkcs12-import CLI has been modified not to import
certificates that already exist in the NSS database unless
specifically requested with the --overwrite parameter. This
will avoid changing the trust flags of the CA signing
certificate during KRA cloning.

Some other classes have been modified to provide better
debugging information.

https://fedorahosted.org/pki/ticket/2374
---
 base/common/python/pki/cli/pkcs12.py   | 19 +-
 base/common/python/pki/nssdb.py| 22 
 .../netscape/cmstools/pkcs12/PKCS12ImportCLI.java  |  6 +++--
 .../cms/servlet/csadmin/ConfigurationUtils.java| 29 --
 .../cmscore/ldapconn/LdapJssSSLSocketFactory.java  | 18 --
 .../src/netscape/security/pkcs/PKCS12Util.java | 21 +++-
 6 files changed, 91 insertions(+), 24 deletions(-)

diff --git a/base/common/python/pki/cli/pkcs12.py b/base/common/python/pki/cli/pkcs12.py
index a7c32cc2b1218021bc15b5ea030df24c8b7143b9..3fcea35a4cc45641ec53d3aba933735c1b2c065a 100644
--- a/base/common/python/pki/cli/pkcs12.py
+++ b/base/common/python/pki/cli/pkcs12.py
@@ -55,6 +55,7 @@ class PKCS12ImportCLI(pki.cli.CLI):
 print('  --no-trust-flags   Do not include trust flags')
 print('  --no-user-certsDo not import user certificates')
 print('  --no-ca-certs  Do not import CA certificates')
+print('  --overwriteOverwrite existing certificates')
 print('  -v, --verbose  Run in verbose mode.')
 print('  --debugRun in debug mode.')
 print('  --help Show help message.')
@@ -65,7 +66,7 @@ class PKCS12ImportCLI(pki.cli.CLI):
 try:
 opts, _ = getopt.gnu_getopt(args, 'v', [
 'pkcs12-file=', 'pkcs12-password=', 'pkcs12-password-file=',
-'no-trust-flags', 'no-user-certs', 'no-ca-certs',
+'no-trust-flags', 'no-user-certs', 'no-ca-certs', 'overwrite',
 'verbose', 'debug', 'help'])
 
 except getopt.GetoptError as e:
@@ -79,6 +80,7 @@ class PKCS12ImportCLI(pki.cli.CLI):
 no_trust_flags = False
 import_user_certs = True
 import_ca_certs = True
+overwrite = False
 debug = False
 
 for o, a in opts:
@@ -100,6 +102,9 @@ class PKCS12ImportCLI(pki.cli.CLI):
 elif o == '--no-ca-certs':
 import_ca_certs = False
 
+elif o == '--overwrite':
+overwrite = True
+
 elif o in ('-v', '--verbose'):
 self.set_verbose(True)
 
@@ -221,6 +226,15 @@ class PKCS12ImportCLI(pki.cli.CLI):
 cert_id = cert_info['id']
 nickname = cert_info['nickname']
 
+cert = nssdb.get_cert(nickname)
+
+if cert:
+if not overwrite:
+print('WARNING: cert %s already exists' % nickname)
+continue
+
+nssdb.remove_cert(nickname)
+
 if 'trust_flags' in cert_info:
 trust_flags = cert_info['trust_flags']
 else:
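Review bot: the existence check on the added `cert = nssdb.get_cert(nickname)` line matches by nickname only, so a different certificate that happens to share the nickname is skipped without any comparison, and with `--overwrite` the existing entry is dropped by `nssdb.remove_cert(nickname)` before the code that follows has imported the replacement. Consider comparing the stored certificate with the PKCS #12 entry before deciding to skip, and removing the old entry only once the new one is known to be importable, so a failed import does not leave the NSS database without the certificate. The `WARNING:` message would also be better on stderr than stdout.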
@@ -292,6 +306,9 @@ class PKCS12ImportCLI(pki.cli.CLI):
 if no_trust_flags:
 cmd.extend(['--no-trust-flags'])
 
+if overwrite:
+cmd.extend(['--overwrite'])
+
 if self.verbose:
 cmd.extend(['--verbose'])
 
diff --git a/base/common/python/pki/nssdb.py b/base/common/python/pki/nssdb.py
index 0c27c3f19b6d938e4e335aaf0541d0ca0d0c1796..f563fd81e5584eb218e4a7f9a2ff3eff96a2 100644
--- a/base/common/python/pki/nssdb.py
+++ b/base/common/python/pki/nssdb.py
@@ -423,12 +423,20 @@ class NSSDatabase(object):
 output_format_option
 ])
 
-cert_data = subprocess.check_output(cmd)
+try:
+cert_data = subprocess.check_output(cmd)
 
-if output_format == 'base64':
-cert_data = base64.b64encode(cert_data)
+if output_format == 'base64':
+cert_data = base64.b64encode(cert_data)
 
-return cert_data
+return cert_data
+
+except subprocess.CalledProcessError:
+
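Review bot: the new `try` block in this hunk wraps the base64 encoding and the `return cert_data` as well as `subprocess.check_output(cmd)`, although only the subprocess call can raise `CalledProcessError`. Narrow the `try` to that one call, and have the handler distinguish a missing nickname from other command failures instead of treating every non-zero exit alike. The handler body is cut off in this copy of the patch, so that part cannot be checked here.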

[Pki-devel] Fixes exception while invalid module.

2016-06-21 Thread Amol Kahat

Hi,

Please review this patch.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1348446

Thanks
Amol K
>From 8ec731ecade07c269c735401ba15619be88544b9 Mon Sep 17 00:00:00 2001
From: Amol Kahat 
Date: Tue, 21 Jun 2016 13:45:06 +0530
Subject: [PATCH] Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1348446

---
 base/common/python/pki/cli/__init__.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/base/common/python/pki/cli/__init__.py b/base/common/python/pki/cli/__init__.py
index 3be9cce2e5583e2ee519cdb2860e6346f90426da..cae2b13d2792ef4620f8563a4ba2e8bd1851fae5 100644
--- a/base/common/python/pki/cli/__init__.py
+++ b/base/common/python/pki/cli/__init__.py
@@ -156,7 +156,7 @@ class CLI(object):
 (module, sub_command) = self.parse_command(command)
 
 if not module:
-raise Exception('Invalid module "%s".' % command)
+print('ERROR: Invalid module "%s".' % command)
 
 # Prepare module arguments.
 if sub_command:
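Review bot: replacing the `raise` with `print('ERROR: Invalid module ...')` under `if not module:` lets execution fall through into the "Prepare module arguments" code with no module to work on. Return or exit with a non-zero status immediately after printing, and write the message to stderr rather than stdout.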
@@ -200,4 +200,5 @@ class CLI(object):
 
 (module, module_args) = self.parse_args(argv)
 
-module.execute(module_args)
+if module:
+module.execute(module_args)
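Review bot: with the `if module:` guard, an invalid module name now ends the command without calling `execute` and, as far as this hunk shows, without a failure exit status, so a calling script cannot tell it apart from success. Add an `else` branch that exits non-zero, or keep the exception raised in `parse_args` and catch it where the CLI is invoked to print a clean message.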
-- 
2.5.5


[Pki-devel] Invalid instance exception fix.

2016-06-21 Thread Amol Kahat

Hi,

Please review this patch.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1348433


Thanks
Amol K.
>From adaef8e7ca9d0c2a57eda09c52d0ed149e176224 Mon Sep 17 00:00:00 2001
From: Amol Kahat 
Date: Tue, 21 Jun 2016 13:20:59 +0530
Subject: [PATCH] Fixes: Invalid instance exception issue.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1348433
---
 base/server/python/pki/server/cli/instance.py | 56 ++-
 1 file changed, 46 insertions(+), 10 deletions(-)

diff --git a/base/server/python/pki/server/cli/instance.py b/base/server/python/pki/server/cli/instance.py
index 6e336e3cb8b9af7745143440ede95022cb7b..b2b31e1b806162caf74277504cfb08f79810a3ef 100644
--- a/base/server/python/pki/server/cli/instance.py
+++ b/base/server/python/pki/server/cli/instance.py
@@ -157,7 +157,11 @@ class InstanceCertExportCLI(pki.cli.CLI):
 sys.exit(1)
 
 instance = pki.server.PKIInstance(instance_name)
-instance.load()
+if instance.is_active():
+ instance.load()
+else:
+print('ERROR: Invalid tomcat instance specified.')
+sys.exit(1)
 
 if not pkcs12_password and not pkcs12_password_file:
 pkcs12_password = getpass.getpass(prompt='Enter password for PKCS #12 file: ')
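Review bot: this hunk guards `instance.load()` with `instance.is_active()`, while every other hunk in the patch uses `instance.is_valid()`. If `is_active()` reports whether the instance is running, exporting certificates from a stopped but valid instance would be rejected with "Invalid tomcat instance specified."; use `is_valid()` here unless a running instance is really required. The added `instance.load()` line also carries one more space of indentation than the lines around it.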
@@ -233,7 +237,11 @@ class InstanceFindCLI(pki.cli.CLI):
 print()
 
 instance = pki.server.PKIInstance(instance_name)
-instance.load()
+if instance.is_valid():
+instance.load()
+else:
+print('ERROR: Invalid tomcat instance specfified.')
+sys.exit(1)
 
 InstanceCLI.print_instance(instance)
 
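Review bot: the error string added in this hunk is misspelled ("specfified"); it should read "specified", as in the other hunks.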
@@ -282,8 +290,12 @@ class InstanceShowCLI(pki.cli.CLI):
 instance_name = args[0]
 
 instance = pki.server.PKIInstance(instance_name)
-instance.load()
-
+if instance.is_valid():
+instance.load()
+else:
+print('ERROR: Invalid tomcat instance specified.')
+sys.exit(1)
+
 InstanceCLI.print_instance(instance)
 
 
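Review bot: the blank line after the old `instance.load()` is removed and a blank line is re-added after the new `sys.exit(1)`, which means the two differ only in whitespace. If the added line carries trailing whitespace, strip it so the hunk contains just the functional change.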
@@ -470,7 +482,12 @@ class InstanceMigrateCLI(pki.cli.CLI):
 module.set_debug(self.debug)
 
 instance = pki.server.PKIInstance(instance_name)
-instance.load()
+
+if instance.is_valid():
+instance.load()
+else:
+print('ERROR: Invalid tomcat instance specified.')
+sys.exit(1)
 
 module.migrate(  # pylint: disable=no-member,maybe-no-member
 instance,
@@ -526,7 +543,12 @@ class InstanceNuxwdogEnableCLI(pki.cli.CLI):
 module.set_verbose(self.verbose)
 
 instance = pki.server.PKIInstance(instance_name)
-instance.load()
+
+if instance.is_valid():
+instance.load()
+else:
+print('ERROR: Invalid tomcat instance specified.')
+sys.exit(1)
 
 module.enable_nuxwdog(  # pylint: disable=no-member,maybe-no-member
 instance)
@@ -580,7 +602,11 @@ class InstanceNuxwdogDisableCLI(pki.cli.CLI):
 module.set_verbose(self.verbose)
 
 instance = pki.server.PKIInstance(instance_name)
-instance.load()
+if instance.is_valid():
+instance.load()
+else:
+print('ERROR: Invalid tomcat instance specified.')
+sys.exit(1)
 
 module.disable_nuxwdog(
 instance)  # pylint: disable=no-member,maybe-no-member
@@ -664,7 +690,12 @@ class InstanceExternalCertAddCLI(pki.cli.CLI):
 sys.exit(1)
 
 instance = pki.server.PKIInstance(instance_name)
-instance.load()
+
+if instance.is_valid():
+instance.load()
+else:
+print('ERROR: Invalid tomcat instance specified.')
+sys.exit(1)
 
 if instance.external_cert_exists(nickname, token):
 print('ERROR: Certificate already imported for instance %s.' %
@@ -753,8 +784,13 @@ class InstanceExternalCertDeleteCLI(pki.cli.CLI):
 sys.exit(1)
 
 instance = pki.server.PKIInstance(instance_name)
-instance.load()
-
+
+if instance.is_valid():
+instance.load()
+else:
+print('ERROR: Invalid tomcat instance specified.')
+sys.exit(1)
+
 self.remove_cert(instance, nickname, token)
 instance.delete_external_cert(nickname, token)
 
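Review bot: the same five-line `is_valid()` / `load()` / `print` / `sys.exit(1)` block is pasted into each command touched by this patch, ending with this hunk. Move it into one shared helper that takes `instance_name` and either returns the loaded instance or exits, so the check and the wording cannot drift apart (one copy already uses `is_active()` and another has a typo). Including the instance name in the message and sending it to stderr would also make the failure easier to diagnose.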
-- 
2.5.5


[Pki-devel] Fixes pki-server subsystem --help options.

2016-06-21 Thread Amol Kahat

Hi,

Please review this patch.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1340718

Thanks
Amol  K.
>From ad4e565f54db5e38102f3cbceeb98b22090c0ef5 Mon Sep 17 00:00:00 2001
From: Amol Kahat 
Date: Tue, 21 Jun 2016 12:47:23 +0530
Subject: [PATCH] Fixes pki-server subsystem-* --help options.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1340718
---
 base/server/python/pki/server/cli/subsystem.py | 165 +
 1 file changed, 86 insertions(+), 79 deletions(-)

diff --git a/base/server/python/pki/server/cli/subsystem.py b/base/server/python/pki/server/cli/subsystem.py
index c92ed16be251af87aa20ddada17da48de2ea4511..a4d91610fd2fa9f575923f3361c5a544bacb1927 100644
--- a/base/server/python/pki/server/cli/subsystem.py
+++ b/base/server/python/pki/server/cli/subsystem.py
@@ -90,7 +90,7 @@ class SubsystemFindCLI(pki.cli.CLI):
 self.set_verbose(True)
 
 elif o == '--help':
-self.print_help()
+self.usage()
 sys.exit()
 
 else:
@@ -138,12 +138,6 @@ class SubsystemShowCLI(pki.cli.CLI):
 self.usage()
 sys.exit(1)
 
-if len(args) != 1:
-print('ERROR: missing subsystem ID')
-self.usage()
-sys.exit(1)
-
-subsystem_name = args[0]
 instance_name = 'pki-tomcat'
 
 for o, a in opts:
@@ -154,7 +148,7 @@ class SubsystemShowCLI(pki.cli.CLI):
 self.set_verbose(True)
 
 elif o == '--help':
-self.print_help()
+self.usage()
 sys.exit()
 
 else:
@@ -162,6 +156,13 @@ class SubsystemShowCLI(pki.cli.CLI):
 self.usage()
 sys.exit(1)
 
+if len(args) != 1:
+print('ERROR: missing subsystem ID')
+self.usage()
+sys.exit(1)
+
+subsystem_name = args[0]
+
 instance = pki.server.PKIInstance(instance_name)
 instance.load()
 
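Review bot: the relocated check `if len(args) != 1:` still prints 'ERROR: missing subsystem ID' when more than one positional argument is supplied. Since the block is being moved anyway, split the two cases or reword the message to cover both. The same applies to the identical blocks moved in the hunks that follow.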
@@ -195,12 +196,6 @@ class SubsystemEnableCLI(pki.cli.CLI):
 self.usage()
 sys.exit(1)
 
-if len(args) != 1:
-print('ERROR: missing subsystem ID')
-self.usage()
-sys.exit(1)
-
-subsystem_name = args[0]
 instance_name = 'pki-tomcat'
 
 for o, a in opts:
@@ -211,7 +206,7 @@ class SubsystemEnableCLI(pki.cli.CLI):
 self.set_verbose(True)
 
 elif o == '--help':
-self.print_help()
+self.usage()
 sys.exit()
 
 else:
@@ -219,6 +214,13 @@ class SubsystemEnableCLI(pki.cli.CLI):
 self.usage()
 sys.exit(1)
 
+if len(args) != 1:
+print('ERROR: missing subsystem ID')
+self.usage()
+sys.exit(1)
+
+subsystem_name = args[0]
+
 instance = pki.server.PKIInstance(instance_name)
 instance.load()
 
@@ -257,12 +259,6 @@ class SubsystemDisableCLI(pki.cli.CLI):
 self.usage()
 sys.exit(1)
 
-if len(args) != 1:
-print('ERROR: missing subsystem ID')
-self.usage()
-sys.exit(1)
-
-subsystem_name = args[0]
 instance_name = 'pki-tomcat'
 
 for o, a in opts:
@@ -273,7 +269,7 @@ class SubsystemDisableCLI(pki.cli.CLI):
 self.set_verbose(True)
 
 elif o == '--help':
-self.print_help()
+self.usage()
 sys.exit()
 
 else:
@@ -281,6 +277,13 @@ class SubsystemDisableCLI(pki.cli.CLI):
 self.usage()
 sys.exit(1)
 
+if len(args) != 1:
+print('ERROR: missing subsystem ID')
+self.usage()
+sys.exit(1)
+
+subsystem_name = args[0]
+
 instance = pki.server.PKIInstance(instance_name)
 instance.load()
 
@@ -342,12 +345,6 @@ class SubsystemCertFindCLI(pki.cli.CLI):
 self.print_help()
 sys.exit(1)
 
-if len(args) != 1:
-print('ERROR: missing subsystem ID')
-self.print_help()
-sys.exit(1)
-
-subsystem_name = args[0]
 instance_name = 'pki-tomcat'
 show_all = False
 
@@ -370,6 +367,13 @@ class SubsystemCertFindCLI(pki.cli.CLI):
 self.print_help()
 sys.exit(1)
 
+if len(args) != 1:
+print('ERROR: missing subsystem ID')
+self.print_help()
+sys.exit(1)
+
+subsystem_name = args[0]
+
 instance = pki.server.PKIInstance(instance_name)
 instance.load()
 
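Review bot: the relocated block in this hunk still calls `self.print_help()`, while the rest of the patch replaces `self.print_help()` with `self.usage()` in the other subsystem commands. Confirm that this class really defines `print_help()`; if it defines `usage()` like the others, switch these calls as well so the error path does not hit the problem the patch is fixing for `--help`.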
@@ -414,18 +418,6 @@ class SubsystemCertShowCLI(pki.cli.CLI):
 self.usage()
 sys.exit(1)
 
-if len(args) < 1:
-print('ERROR: missing subsystem ID')
-self.usage()
-sys.exit(1)
-
-if len(args) < 2:
-print('ERROR: missing cert I