[Pki-devel] [PATCH] pki-tools man pages

2016-07-22 Thread Matthew Harmsen

Please review the following patch which includes a batch of man pages for:

 * PKI TRAC Ticket #690 - [MAN] pki-tools man pages
   

which includes new man pages for the following:

 * AtoB
 * BtoA
 * KRATool
 * PrettyPrintCert
 * PrettyPrintCrl

I have also included the patch for the spec file which adds a 
compatibility symlink from DRMTool.1.gz -> KRATool.1.gz, and packaging 
for the AuditVerify.1.gz tool.


-- Matt

P. S. - I am currently at work on the man pages for the various CMC tools.

From 8b91b1531812c9ecbd25ac54c97edb2e29b4f12c Mon Sep 17 00:00:00 2001
From: Matthew Harmsen 
Date: Fri, 22 Jul 2016 20:43:48 -0600
Subject: [PATCH] pki-tools man pages

* PKI TRAC Ticket #690 - [MAN] pki-tools man pages
  - AtoB,
  - BtoA,
  - KRATool,
  - PrettyPrintCert, and
  - PrettyPrintCrl
---
 base/java-tools/man/man1/AtoB.1|  56 
 base/java-tools/man/man1/BtoA.1|  56 
 base/java-tools/man/man1/KRATool.1 | 459 +
 base/java-tools/man/man1/PrettyPrintCert.1 | 204 +
 base/java-tools/man/man1/PrettyPrintCrl.1  | 141 +
 5 files changed, 916 insertions(+)
 create mode 100644 base/java-tools/man/man1/AtoB.1
 create mode 100644 base/java-tools/man/man1/BtoA.1
 create mode 100644 base/java-tools/man/man1/KRATool.1
 create mode 100644 base/java-tools/man/man1/PrettyPrintCert.1
 create mode 100644 base/java-tools/man/man1/PrettyPrintCrl.1

diff --git a/base/java-tools/man/man1/AtoB.1 b/base/java-tools/man/man1/AtoB.1
new file mode 100644
index 000..6b7d6f0
--- /dev/null
+++ b/base/java-tools/man/man1/AtoB.1
@@ -0,0 +1,56 @@
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH AtoB 1 "July 20, 2016" "version 10.3" "PKI ASCII to Binary Conversion Tool" Dogtag Team
+.\" Please adjust this date whenever revising the man page.
+.\"
+.\" Some roff macros, for reference:
+.\" .nhdisable hyphenation
+.\" .hyenable hyphenation
+.\" .ad l  left justify
+.\" .ad b  justify to both left and right margins
+.\" .nfdisable filling
+.\" .fienable filling
+.\" .brinsert line break
+.\" .sp insert n+1 empty lines
+.\" for man page specific macros, see man(7)
+.SH NAME
+AtoB  \- Convert ASCII base-64 encoded data to binary base-64 encoded data.
+
+.SH SYNOPSIS
+.PP
+\fBAtoB  \fP
+
+.SH DESCRIPTION
+.PP
+The \fBAtoB\fP command provides a command-line utility used to convert ASCII base-64 encoded data to binary base-64 encoded data.
+
+.SH OPTIONS
+.PP
+The following parameters are mandatory:
+.TP
+.B 
+Specifies the path and file to the base-64 encoded ASCII data.
+
+.TP
+.B 
+Specifies the path and file where the utility should write the binary output.
+
+.SH EXAMPLES
+.PP
+This example command takes the base-64 ASCII data in the \fBascii_data.pem\fP file and writes the binary equivalent of the data to the \fBbinary_data.der\fP file:
+.IP
+.nf
+AtoB ascii_data.pem binary_data.der
+.if
+
+.SH AUTHORS
+Matthew Harmsen .
+
+.SH COPYRIGHT
+Copyright (c) 2016 Red Hat, Inc. This is licensed under the GNU General Public
+License, version 2 (GPLv2). A copy of this license is available at
+http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
+
+.SH SEE ALSO
+.BR BtoA(1), pki(1)
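
Review bot: In the EXAMPLES section the no-fill block opened with `.nf` is closed with `.if`, which is the roff conditional request, not `.fi`, so this line does not turn filling back on; change it to `.fi`. Separately, NAME and DESCRIPTION call the output "binary base-64 encoded data" while the example writes `binary_data.der`; wording such as "convert base-64 encoded ASCII data to binary data" would avoid suggesting the output is still base-64.
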
diff --git a/base/java-tools/man/man1/BtoA.1 b/base/java-tools/man/man1/BtoA.1
new file mode 100644
index 000..0d1ad1f
--- /dev/null
+++ b/base/java-tools/man/man1/BtoA.1
@@ -0,0 +1,56 @@
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH BtoA 1 "July 20, 2016" "version 10.3" "PKI Binary to ASCII Conversion Tool" Dogtag Team
+.\" Please adjust this date whenever revising the man page.
+.\"
+.\" Some roff macros, for reference:
+.\" .nhdisable hyphenation
+.\" .hyenable hyphenation
+.\" .ad l  left justify
+.\" .ad b  justify to both left and right margins
+.\" .nfdisable filling
+.\" .fienable filling
+.\" .brinsert line break
+.\" .sp insert n+1 empty lines
+.\" for man page specific macros, see man(7)
+.SH NAME
+BtoA  \- Convert binary base-64 encoded data to ASCII base-64 encoded data.
+
+.SH SYNOPSIS
+.PP
+\fBBtoA  \fP
+
+.SH DESCRIPTION
+.PP
+The \fBBtoA\fP command provides a command-line utility used to convert binary base-64 encoded data to ASCII base-64 encoded data.
+
+.SH OPTIONS
+.PP
+The following parameters are mandatory:
+.TP
+.B 
+Specifies the path and file to the base-64 encoded binary data.
+
+.TP
+.B 
+Specifies the path and file where the utility should write the ASCII output.
+
+.SH EXAMPLES
+.PP
+This example command takes the base-64 binary data in the \fBbinary_data.der\fP file and writes the ASCII equivalent of the data to the 
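
Review bot: The `.TH` line passes `Dogtag Team` as two unquoted arguments after the manual title, beyond the title, section, date, source and manual fields that `.TH` takes, and the title is `BtoA` although the comment directly above it says the first parameter should be all caps; either drop the trailing words or fold them into the quoted source field, and either upper-case the title or amend the comment. NAME, DESCRIPTION and OPTIONS also describe the input as "binary base-64 encoded data", which reads as a contradiction next to the `binary_data.der` example; "binary data" alone would be clearer.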

[Pki-devel] [PATCH] 797 Removed hard-coded paths in pki.policy.

2016-07-22 Thread Endi Sukma Dewata

The operations script has been modified to generate pki.policy
dynamically from links in the /common/lib directory.
This allows the pki.policy to match the actual paths in different
platforms.

https://fedorahosted.org/pki/ticket/2403

--
Endi S. Dewata
From c837aafc90f9d95dbe38cc2fa8e38118016a515c Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" 
Date: Fri, 22 Jul 2016 17:31:20 +0200
Subject: [PATCH] Removed hard-coded paths in pki.policy.

The operations script has been modified to generate pki.policy
dynamically from links in the /common/lib directory.
This allows the pki.policy to match the actual paths in different
platforms.

https://fedorahosted.org/pki/ticket/2403
---
 base/server/scripts/operations|  16 -
 base/server/share/conf/pki.policy | 132 +-
 2 files changed, 17 insertions(+), 131 deletions(-)

diff --git a/base/server/scripts/operations b/base/server/scripts/operations
index 14443c4a5251c8f5405dc8abf2146e2b45fae0c7..59916700866073ca64201004c874116cbdbc1bb9 100644
--- a/base/server/scripts/operations
+++ b/base/server/scripts/operations
@@ -1352,10 +1352,24 @@ start_instance()
 return $rv
 fi
 
+# Copy pki.policy template
+/bin/cp /usr/share/pki/server/conf/pki.policy /var/lib/pki/$PKI_INSTANCE_NAME/conf
+
+# Add permissions for all JAR files in /var/lib/pki/$PKI_INSTANCE_NAME/common/lib
+for path in /var/lib/pki/$PKI_INSTANCE_NAME/common/lib/*; do
+
+cat >> /var/lib/pki/$PKI_INSTANCE_NAME/conf/pki.policy << EOF
+
+grant codeBase "file:$(realpath $path)" {
+permission java.security.AllPermission;
+};
+EOF
+done
+
 # Generate catalina.policy dynamically.
 cat /usr/share/pki/server/conf/catalina.policy \
 /usr/share/tomcat/conf/catalina.policy \
-/usr/share/pki/server/conf/pki.policy \
+/var/lib/pki/$PKI_INSTANCE_NAME/conf/pki.policy \
 /var/lib/pki/$PKI_INSTANCE_NAME/conf/custom.policy > \
 /var/lib/pki/$PKI_INSTANCE_NAME/conf/catalina.policy
 
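
Review bot: The loop over `/var/lib/pki/$PKI_INSTANCE_NAME/common/lib/*` appends a `java.security.AllPermission` grant for every entry in that directory, not only JAR files as the comment says, so anything placed or linked there receives full permissions at the next start. Consider globbing `*.jar` and quoting `"$path"` inside `$(realpath ...)`. Also skip the loop body when the glob matches nothing, because the unexpanded pattern would otherwise be written as a codeBase ending in `/*`, which Java policy syntax treats as every class and JAR file in that directory. The `/bin/cp` result is unchecked as well: if the copy fails, the `cat >>` still appends to the instance's pki.policy and catalina.policy is then assembled without the template's grants.
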
diff --git a/base/server/share/conf/pki.policy b/base/server/share/conf/pki.policy
index e281e0191690e770082740745ac9eea964da55c4..7d8cfec4591ec3ee28ade876253f4f593e086e67 100644
--- a/base/server/share/conf/pki.policy
+++ b/base/server/share/conf/pki.policy
@@ -4,10 +4,10 @@
 // --- END COPYRIGHT BLOCK ---
 
 // 
-// pki.policy - Default Security Policy Permissions for PKI on Tomcat 7
+// pki.policy - Default Security Policy Permissions for PKI on Tomcat
 //
 // This file contains a default set of security policies for PKI running inside
-// Tomcat 7.
+// Tomcat.
 // 
 
 grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
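
Review bot: The header comment still presents this file as the complete default policy, but after this change the per-library grants are appended to a per-instance copy by start_instance() in the operations script. A sentence in this header stating that the file is a template, and that the remaining grants are generated from common/lib at start, would stop an administrator from editing the copy under the instance's conf directory, which the `/bin/cp` overwrites on every start.
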
@@ -22,42 +22,6 @@ grant codeBase "file:${catalina.base}/lib/-" {
 permission java.security.AllPermission;
 };
 
-grant codeBase "file:/usr/lib/java/jss4.jar" {
-permission java.security.AllPermission;
-};
-
-grant codeBase "file:/usr/lib/java/symkey.jar" {
-permission java.security.AllPermission;
-};
-
-grant codeBase "file:/usr/lib64/java/jss4.jar" {
-permission java.security.AllPermission;
-};
-
-grant codeBase "file:/usr/lib64/java/symkey.jar" {
-permission java.security.AllPermission;
-};
-
-grant codeBase "file:/usr/share/java/commons-codec.jar" {
-permission java.security.AllPermission;
-};
-
-grant codeBase "file:/usr/share/java/apache-commons-collections.jar" {
-permission java.security.AllPermission;
-};
-
-grant codeBase "file:/usr/share/java/apache-commons-io.jar" {
-permission java.security.AllPermission;
-};
-
-grant codeBase "file:/usr/share/java/apache-commons-lang.jar" {
-permission java.security.AllPermission;
-};
-
-grant codeBase "file:/usr/share/java/apache-commons-logging.jar" {
-permission java.security.AllPermission;
-};
-
 grant codeBase "file:/usr/share/java/ecj.jar" {
 permission java.security.AllPermission;
 };
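
Review bot: The trailing context shows `file:/usr/share/java/ecj.jar` keeping its fixed grant while the neighbouring jss4, symkey and commons entries are removed. If the remaining `/usr/share/java/...` entries are kept deliberately because they are not linked under common/lib, say so in the commit message; otherwise the subject "Removed hard-coded paths" overstates the change, and these entries will still mismatch on platforms that install the JARs elsewhere.
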
@@ -70,18 +34,6 @@ grant codeBase "file:/usr/share/java/glassfish-jsp.jar" {
 permission java.security.AllPermission;
 };
 
-grant codeBase "file:/usr/share/java/httpcomponents/httpclient.jar" {
-permission java.security.AllPermission;
-};
-
-grant codeBase "file:/usr/share/java/httpcomponents/httpcore.jar" {
-permission java.security.AllPermission;
-};
-
-grant codeBase "file:/usr/share/java/javassist.jar" {
-permission java.security.AllPermission;
-};
-
 grant codeBase "file:/usr/share/java/jaxb-api.jar" {
 permission java.security.AllPermission;
 };
@@ -98,66 +50,10 @@ grant codeBase "file:/usr/share/java/jboss-web.jar" {
 permission java.security.AllPermission;
 };
 
-grant codeBase "file:/usr/share/java/jackson/jackson-core-asl.jar" {
-permission java.security.AllPermission;
-};
-
-grant codeBase