Re: [Pki-devel] Fwd: [pli-devel][PATCH] 0081-Fix-for-Add-ability-to-disallow-TPS-to-enroll-a-sing.patch

2016-10-10 Thread John Magne
ACKED by cfu and she verbally acked a quick addition to the fix for #1664

Pushed to master.

- Original Message -
From: "Christina Fu" 
To: pki-devel@redhat.com
Sent: Friday, October 7, 2016 5:06:51 PM
Subject: Re: [Pki-devel] Fwd: [pli-devel][PATCH] 
0081-Fix-for-Add-ability-to-disallow-TPS-to-enroll-a-sing.patch



Code looks good. One suggestion. Since we have to appease the current NSS 
way of looking up certs, how about making the default true so that it will keep 
the old encryption certs by default? 

Of course we are taking up more space now on the token when it's true, so we 
should plan to revert it when/if NSS changes. 


conditional ACK if you do that. 


Christina 

On 10/07/2016 02:01 PM, John Magne wrote: 



Actually attach the patch.

- Forwarded Message -
From: "John Magne"
To: "pki-devel"
Sent: Friday, October 7, 2016 11:45:17 AM
Subject: [pli-devel][PATCH] 
0081-Fix-for-Add-ability-to-disallow-TPS-to-enroll-a-sing.patch

Fix for: Add ability to disallow TPS to enroll a single user on multiple 
tokens. #1664

This bug was previously not completely fixed where we left a loophole to 
allow a user to end up with 2 active tokens. This fix closes that loophole.

Also:

Fix for: Unable to read an encrypted email using renewed tokens. #2483

This fix provides for a new optional renewal based token policy, that
allows the user to retain or recover old encryption certs for that profile,
that get overwritten by the renewal process.

An example is:

RENEW=YES;RENEW_KEEP_OLD_ENC_CERTS=YES

The second part of the policy is new.

When this is set to "YES", the system will make sure the old enc cert
will remain on the token. If it's missing or "NO", no such attempt will be 
made. 


___
Pki-devel mailing list Pki-devel@redhat.com 
https://www.redhat.com/mailman/listinfo/pki-devel 




Re: [Pki-devel] [PATCH]pki-cfu-0155-Ticket-2498-Token-format-with-external-reg-fails-whe.patch

2016-10-10 Thread John Magne
ACK

Looks good and non risky.

- Original Message -
From: "Christina Fu" 
To: pki-devel@redhat.com
Sent: Monday, October 10, 2016 5:20:11 PM
Subject: [Pki-devel]
[PATCH]pki-cfu-0155-Ticket-2498-Token-format-with-external-reg-fails-whe.patch

This patch addresses:

https://fedorahosted.org/pki/ticket/2498 Token format with external reg 
fails when op.format.externalRegAddToToken.revokeCert=true

It actually could be easily worked around by manually adding the missing 
params

op.format.externalRegAddToToken.auth.id=ldap1
op.format.externalRegAddToToken.ca.conn=ca1

op.format.externalRegAddToToken.tks.conn=tks1

While fixing the CS.cfg, it was observed that there were some references 
of non-defined ldap2 and ldap3, so they are also changed to ldap1.

A couple useful debug messages are added as well.

Christina


___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
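
A configuration check for the two problems described in the message above (params missing from an op.format profile that sets revokeCert=true, and references to undefined instances such as ldap2), as an added example that is not part of the original message or the PKI code base. The auths.instance.* and tps.connector.* definition prefixes, the userKey profile and all sample values are assumptions made for the example.

```python
import re

# Constructed CS.cfg fragment. The op.format.externalRegAddToToken.* keys are
# the ones named in the message; the auths.instance.* and tps.connector.*
# definition prefixes, the userKey profile and every value are assumptions.
SAMPLE_CFG = """\
auths.instance.ldap1.pluginName=ExamplePlugin
tps.connector.ca1.host=ca.example.test
tps.connector.tks1.host=tks.example.test
op.format.externalRegAddToToken.revokeCert=true
op.format.userKey.revokeCert=true
op.format.userKey.auth.id=ldap2
op.format.userKey.ca.conn=ca1
op.format.userKey.tks.conn=tks1
"""

# param suffix -> assumed prefix under which the referenced instance is defined
REFS = {"auth.id": "auths.instance.", "ca.conn": "tps.connector.",
        "tks.conn": "tps.connector."}

def parse(text):
    """Parse key=value lines, skipping blanks and # comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def lint(cfg):
    """Return sorted findings: missing params and dangling references."""
    findings = []
    profiles = {m.group(1) for k in cfg
                if (m := re.match(r"(op\.\w+\.\w+)\.", k))}
    for prof in profiles:
        for suffix, def_prefix in REFS.items():
            target = cfg.get(f"{prof}.{suffix}")
            if target is None:
                # Only flag absence when the profile enables revocation.
                if cfg.get(f"{prof}.revokeCert", "").lower() == "true":
                    findings.append(f"{prof}: missing {suffix}")
            elif not any(k.startswith(f"{def_prefix}{target}.") for k in cfg):
                findings.append(f"{prof}: {suffix}={target} is not defined")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(lint(parse(SAMPLE_CFG))))
```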



[Pki-devel] [PATCH] 839 Updated PKI server logging service to use SLF4J.

2016-10-10 Thread Endi Sukma Dewata

The PKI server logging service has been modified to utilize SLF4J.
This allows the admin to use the logging framework of choice.

https://fedorahosted.org/pki/ticket/195

This patch depends on patch #834.

--
Endi S. Dewata
From 3180e43d9e314c7135bb8368a464d1fb6d3c5bc4 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" 
Date: Fri, 7 Oct 2016 01:31:44 +0200
Subject: [PATCH] Updated PKI server logging service to use SLF4J.

The PKI server logging service has been modified to utilize SLF4J.
This allows the admin to use the logging framework of choice.

https://fedorahosted.org/pki/ticket/195
---
 .classpath   |  1 +
 base/server/CMakeLists.txt   |  2 ++
 base/server/cmscore/src/CMakeLists.txt   | 10 +-
 .../cmscore/src/com/netscape/cmscore/util/Debug.java | 16 
 specs/pki-core.spec  |  7 ++-
 5 files changed, 26 insertions(+), 10 deletions(-)

diff --git a/.classpath b/.classpath
index 9fd5144bf32f3a4af6b6992f7b5027ef55d9f2df..de36a429870d5418dcf4dcf90477443851659ed4 100644
--- a/.classpath
+++ b/.classpath
@@ -59,5 +59,6 @@
 	
 	
 	
+	
 	
 
diff --git a/base/server/CMakeLists.txt b/base/server/CMakeLists.txt
index be58c055eb159ed7d9e0ff1b76a2476e4e309454..72be760ed28cac0a9b6d52619472a139dc2b9ba2 100644
--- a/base/server/CMakeLists.txt
+++ b/base/server/CMakeLists.txt
@@ -53,6 +53,8 @@ add_custom_command(
 COMMAND ${CMAKE_COMMAND} -E create_symlink ${RESTEASY_LIB}/jaxrs-api.jar common/lib/resteasy-jaxrs-api.jar
 COMMAND ${CMAKE_COMMAND} -E create_symlink ${RESTEASY_LIB}/resteasy-jaxrs.jar common/lib/resteasy-jaxrs.jar
 COMMAND ${CMAKE_COMMAND} -E create_symlink /usr/share/java/scannotation.jar common/lib/scannotation.jar
+COMMAND ${CMAKE_COMMAND} -E create_symlink /usr/share/java/slf4j/slf4j-api.jar common/lib/slf4j-api.jar
+COMMAND ${CMAKE_COMMAND} -E create_symlink /usr/share/java/slf4j/slf4j-jdk14.jar common/lib/slf4j-jdk14.jar
 COMMAND /usr/bin/ln -sf /usr/lib/java/symkey.jar ${CMAKE_CURRENT_BINARY_DIR}/common/lib/symkey.jar
 COMMAND ${CMAKE_COMMAND} -E create_symlink /usr/share/java/tomcatjss.jar common/lib/tomcatjss.jar
 COMMAND ${CMAKE_COMMAND} -E create_symlink /usr/share/java/velocity.jar common/lib/velocity.jar
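Review bot: The two added create_symlink lines always link slf4j-jdk14.jar into common/lib, which binds every instance to java.util.logging, while the commit message says the admin can use the logging framework of choice. Please document how the binding jar is meant to be swapped after install. The /usr/share/java/slf4j/ path is also hard-coded here and again in the find_file(SLF4J_JAR ...) call in base/server/cmscore/src/CMakeLists.txt; a shared variable, as the RESTEasy lines above use ${RESTEASY_LIB}, would keep the two in step.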
diff --git a/base/server/cmscore/src/CMakeLists.txt b/base/server/cmscore/src/CMakeLists.txt
index fe8dba2077734468d983e850201150f88cb129f4..4ffb13fc96953f2adbb477d1d56699f9a9f80863 100644
--- a/base/server/cmscore/src/CMakeLists.txt
+++ b/base/server/cmscore/src/CMakeLists.txt
@@ -59,6 +59,13 @@ find_file(SERVLET_JAR
 /usr/share/java
 )
 
+find_file(SLF4J_JAR
+NAMES
+slf4j-api.jar
+PATHS
+/usr/share/java/slf4j
+)
+
 find_file(VELOCITY_JAR
 NAMES
 velocity.jar
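Review bot: Nothing checks the result of find_file(SLF4J_JAR ...), so a build host without slf4j-api.jar under /usr/share/java/slf4j passes SLF4J_JAR-NOTFOUND into the javac classpath and fails later on the org.slf4j imports rather than at configure time. The diffstat shows specs/pki-core.spec changing as well; please confirm it adds slf4j as a build requirement, or fail early here when the jar is not found.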
@@ -124,14 +131,15 @@ javac(pki-cmscore-classes
 SOURCES
 com/netscape/cmscore/*.java
 CLASSPATH
-${PKI_NSUTIL_JAR} ${PKI_CMSUTIL_JAR} ${PKI_CERTSRV_JAR} ${PKI_CMS_JAR} ${PKI_TOMCAT_JAR}
 ${LDAPJDK_JAR} ${SERVLET_JAR} ${VELOCITY_JAR} ${XALAN_JAR} ${XERCES_JAR}
 ${JSS_JAR} ${COMMONS_CODEC_JAR} ${COMMONS_HTTPCLIENT_JAR}
 ${APACHE_COMMONS_LANG_JAR}
 ${TOMCAT_CATALINA_JAR} ${TOMCAT_UTIL_JAR} ${SYMKEY_JAR}
 ${JAXRS_API_JAR} ${RESTEASY_JAXRS_JAR} ${RESTEASY_ATOM_PROVIDER_JAR}
 ${HTTPCLIENT_JAR} ${HTTPCORE_JAR}
+${SLF4J_JAR}
 ${NUXWDOG_JAR}
+${PKI_NSUTIL_JAR} ${PKI_CMSUTIL_JAR} ${PKI_CERTSRV_JAR} ${PKI_CMS_JAR} ${PKI_TOMCAT_JAR}
 OUTPUT_DIR
 ${CMAKE_CURRENT_BINARY_DIR}/classes
 DEPENDS
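Review bot: In the CLASSPATH list of javac(pki-cmscore-classes), the ${PKI_NSUTIL_JAR} ... ${PKI_TOMCAT_JAR} line moves from first to last position, which is unrelated to adding ${SLF4J_JAR} and is not mentioned in the commit message. Classpath order decides which copy of a duplicated class the compiler resolves, so either explain the reorder in the commit message or drop it and add only the ${SLF4J_JAR} line.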
diff --git a/base/server/cmscore/src/com/netscape/cmscore/util/Debug.java b/base/server/cmscore/src/com/netscape/cmscore/util/Debug.java
index d1bb5c5a638c065a504d56a187a8164243fb60e5..0f68487fd8c19c28d250431180d5321091c5a530 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/util/Debug.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/util/Debug.java
@@ -19,10 +19,10 @@ package com.netscape.cmscore.util;
 
 import java.util.Hashtable;
 import java.util.StringTokenizer;
-import java.util.logging.Level;
-import java.util.logging.Logger;
 
 import org.apache.commons.lang.time.FastDateFormat;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISubsystem;
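Review bot: Removing the java.util.logging.Level import means Debug can no longer set a level on its logger, because the org.slf4j.Logger interface has no level setter and level control moves to whichever backend is bound. The commit message should state where an admin configures the debug level after this change.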
@@ -30,7 +30,7 @@ import com.netscape.certsrv.base.ISubsystem;
 public class Debug
 implements ISubsystem {
 
-private static Logger logger = Logger.getLogger(Debug.class.getName());
+private static Logger logger = LoggerFactory.getLogger(Debug.class);
 
 private static Debug mInstance = new Debug();
 private static boolean mShowCaller = false;
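Review bot: The replaced field is still declared `private static Logger logger`; since it is assigned once from LoggerFactory.getLogger(Debug.class) it should be `private static final`, which also prevents accidental reassignment elsewhere in the class.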
@@ -127,7 +127,7 @@ public class Debug
 private static void outputTraceMessage(String t) {
 if (!TRACE_ON)
 return;
-logger.finest("[" +