[Pki-devel] [PATCH] 0163..0165 Include revocation reason in REST cert data

2017-02-21 Thread Fraser Tweedale
The following patches add the revocation reason to the REST cert
data (i.e. GET /ca/rest/certs/{id}).

Patches 0163 and 0164 were pushed under trivial rule.

Please review 0165.

Thanks,
Fraser
From f50507eac86edba2fba01ff25d6937f7d991770e Mon Sep 17 00:00:00 2001
From: Fraser Tweedale 
Date: Wed, 22 Feb 2017 10:39:02 +1000
Subject: [PATCH 163/165] Remove unused import

Part of: https://fedorahosted.org/pki/ticket/2601
---
 base/server/cmscore/src/com/netscape/cmscore/dbs/RevocationInfo.java | 1 -
 1 file changed, 1 deletion(-)

diff --git 
a/base/server/cmscore/src/com/netscape/cmscore/dbs/RevocationInfo.java 
b/base/server/cmscore/src/com/netscape/cmscore/dbs/RevocationInfo.java
index 
36f470511ae1ec0ea31d1997a76f6e4655eb1b2b..2cc9acb583266c19bee7fbad43962d35785aaf45
 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/dbs/RevocationInfo.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/dbs/RevocationInfo.java
@@ -21,7 +21,6 @@ import java.io.Serializable;
 import java.util.Date;
 
 import netscape.security.x509.CRLExtensions;
-import netscape.security.x509.CRLReasonExtension;
 
 import com.netscape.certsrv.dbs.certdb.IRevocationInfo;
 
-- 
2.9.3

From dd77a7d4e199d7678176398324957c2d45e28205 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale 
Date: Wed, 22 Feb 2017 10:45:15 +1000
Subject: [PATCH 164/165] Refactor CertRetrievalRequest construction

Remove an unused constructor from CertRetrievalRequest, and add a
constructor that receives the CertId, simplifying usage.

Part of: https://fedorahosted.org/pki/ticket/2601
---
 base/ca/src/org/dogtagpki/server/ca/rest/CertService.java |  3 +--
 .../com/netscape/certsrv/cert/CertRetrievalRequest.java   | 15 ++-
 2 files changed, 3 insertions(+), 15 deletions(-)

diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java 
b/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java
index 
54a349e2a60c6fd7571c2cb43a0504d96050c11a..2f9f467294322428620e2dc800618cde59faf28d
 100644
--- a/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java
+++ b/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java
@@ -136,8 +136,7 @@ public class CertService extends PKIService implements 
CertResource {
 throw new BadRequestException("Unable to get certificate: Invalid 
id.");
 }
 
-CertRetrievalRequest data = new CertRetrievalRequest();
-data.setCertId(id);
+CertRetrievalRequest data = new CertRetrievalRequest(id);
 
 CertData certData = null;
 
diff --git 
a/base/common/src/com/netscape/certsrv/cert/CertRetrievalRequest.java 
b/base/common/src/com/netscape/certsrv/cert/CertRetrievalRequest.java
index 
ac8ea079ac468ed7d819f1ce68e494882b5a86d6..7e653d7111202a0583dd8de93411e73bf111ede5
 100644
--- a/base/common/src/com/netscape/certsrv/cert/CertRetrievalRequest.java
+++ b/base/common/src/com/netscape/certsrv/cert/CertRetrievalRequest.java
@@ -41,8 +41,6 @@ import com.netscape.certsrv.request.RequestIdAdapter;
 @XmlAccessorType(XmlAccessType.FIELD)
 public class CertRetrievalRequest {
 
-private static final String CERT_ID = "certId";
-
 @XmlElement
 @XmlJavaTypeAdapter(CertIdAdapter.class)
 protected CertId certId;
@@ -55,10 +53,8 @@ public class CertRetrievalRequest {
 // required for JAXB (defaults)
 }
 
-public CertRetrievalRequest(MultivaluedMap form) {
-if (form.containsKey(CERT_ID)) {
-certId = new CertId(form.getFirst(CERT_ID));
-}
+public CertRetrievalRequest(CertId certId) {
+this.certId = certId;
 }
 
 /**
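Review bot: with the `CertRetrievalRequest(MultivaluedMap form)` constructor removed in this hunk, nothing in this file's diff touches the import block, so the `MultivaluedMap` import is probably left unused; drop it here, in keeping with patch 163. The new `CertRetrievalRequest(CertId certId)` constructor also deserves a short Javadoc saying whether a null `certId` is acceptable, since the JAXB no-arg constructor above still leaves the field null.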
@@ -68,11 +64,4 @@ public class CertRetrievalRequest {
 return certId;
 }
 
-/**
- * @param CertId the CertId to set
- */
-public void setCertId(CertId certId) {
-this.certId = certId;
-}
-
 }
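Review bot: removing the public `setCertId(CertId)` in this last hunk changes the API of a class under base/common, but the commit message mentions only the unused constructor. Say in the message that the setter is gone, or keep it deprecated for a release if callers outside `CertService` may exist.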
-- 
2.9.3

From 1ee1d50819811d364778add187026d4069b8ab68 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale 
Date: Wed, 22 Feb 2017 11:26:43 +1000
Subject: [PATCH 165/165] Include revocation reason in REST cert data

Fixes: https://fedorahosted.org/pki/ticket/2601
---
 .../src/org/dogtagpki/server/ca/rest/CertService.java  | 18 ++
 .../common/src/com/netscape/certsrv/cert/CertData.java | 10 ++
 2 files changed, 28 insertions(+)

diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java 
b/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java
index 
2f9f467294322428620e2dc800618cde59faf28d..ebbab25728b0df2b9f64e7042a1e8002aebcdce2
 100644
--- a/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java
+++ b/base/ca/src/org/dogtagpki/server/ca/rest/CertService.java
@@ -64,6 +64,7 @@ import com.netscape.certsrv.dbs.certdb.CertId;
 import com.netscape.certsrv.dbs.certdb.ICertRecord;
 import com.netscape.certsrv.dbs.certdb.ICertRecordList;
 import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
+import com.netscape.certsrv.dbs.certdb.IRevocationInfo;
 

[Pki-devel] [PATCH] 954 Secured PKI UI main page.

2017-02-21 Thread Endi Sukma Dewata

A web.xml has been added to /pki web application to require SSL
connection to access the PKI UI main page at /pki/ui.

https://fedorahosted.org/pki/ticket/2582

Pushed to master under trivial rule.

--
Endi S. Dewata
From 72b24a41691cc87068ff156100a0865c794038df Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" 
Date: Tue, 21 Feb 2017 22:02:22 +0100
Subject: [PATCH] Secured PKI UI main page.

A web.xml has been added to /pki web application to require SSL
connection to access the PKI UI main page at /pki/ui.

https://fedorahosted.org/pki/ticket/2582
---
 base/server/share/webapps/pki/WEB-INF/web.xml | 22 ++
 1 file changed, 22 insertions(+)
 create mode 100644 base/server/share/webapps/pki/WEB-INF/web.xml

diff --git a/base/server/share/webapps/pki/WEB-INF/web.xml b/base/server/share/webapps/pki/WEB-INF/web.xml
new file mode 100644
index ..9afb41825ed80bbd7c59acc8bdbdfe3edeb16f12
--- /dev/null
+++ b/base/server/share/webapps/pki/WEB-INF/web.xml
@@ -0,0 +1,22 @@
+
+
+
+
+PKI
+
+
+
+PKI UI
+/ui/*
+
+
+CONFIDENTIAL
+
+
+
+
+30
+
+
+
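Review bot: the only URL pattern placed under the `CONFIDENTIAL` guarantee is `/ui/*`, so the welcome page at /pki and every other resource in this web application stay reachable over plain HTTP. If that is intended, a comment in web.xml saying so would help the next reader; otherwise widen the pattern. The commit message could also note that the container's redirect to HTTPS for a `CONFIDENTIAL` resource depends on the connector's redirect port being correct for the instance.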
-- 
2.9.3

___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
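
A way to check which paths a descriptor like the one in patch 954 actually forces onto TLS, as an added example that is not part of the original patch or of the PKI code base. The markup of the posted web.xml did not survive on this page, so `SAMPLE_WEB_XML` is a constructed descriptor that wraps the values visible in the patch in standard deployment-descriptor elements; the namespace and all function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample (assumption): standard descriptor elements wrapped around
# the values visible in the patch (PKI, PKI UI, /ui/*, CONFIDENTIAL).
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <display-name>PKI</display-name>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>PKI UI</web-resource-name>
      <url-pattern>/ui/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""


def _named(elem, name):
    """All descendants with this local name, ignoring the XML namespace."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]


def confidential_patterns(web_xml):
    """URL patterns covered by a CONFIDENTIAL transport guarantee."""
    patterns = []
    for constraint in _named(ET.fromstring(web_xml), "security-constraint"):
        guarantees = {(g.text or "").strip().upper()
                      for g in _named(constraint, "transport-guarantee")}
        if "CONFIDENTIAL" in guarantees:
            patterns += [(p.text or "").strip()
                         for p in _named(constraint, "url-pattern")]
    return patterns


def pattern_matches(pattern, path):
    """Servlet URL-pattern matching against a context-relative path."""
    if pattern.endswith("/*"):                 # path-prefix mapping
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):               # extension mapping
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return pattern == "/" or path == pattern   # default or exact mapping


def requires_tls(web_xml, path):
    """True if a request for `path` (relative to the web app) must use TLS."""
    return any(pattern_matches(p, path) for p in confidential_patterns(web_xml))


def audit(web_xml, paths):
    """Map each path to whether the descriptor forces TLS for it."""
    return {p: requires_tls(web_xml, p) for p in paths}


if __name__ == "__main__":
    for path, forced in audit(SAMPLE_WEB_XML, ["/ui", "/ui/index.jsp", "/index.jsp"]).items():
        print(f"{path:16} {'TLS required' if forced else 'plain HTTP allowed'}")
```

Paths are relative to the web application, so `/pki/ui` on the server is `/ui` here.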

[Pki-devel] [PATCH] 953 Reorganized PKI UI pages.

2017-02-21 Thread Endi Sukma Dewata

Previously the index.jsp of the ROOT web application was storing
PKI UI main page which contains links to PKI subsystems installed
on the instance.

Now the file has been changed to redirect to /pki which provides
a new PKI UI welcome page. The PKI UI main page itself has been
moved to /pki/ui.

https://fedorahosted.org/pki/ticket/2582

Pushed to master under trivial rule.

--
Endi S. Dewata
From 961b0138dbc0f5e6af1195f61e36a42ad67baaa7 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" 
Date: Sat, 18 Feb 2017 09:59:30 +0100
Subject: [PATCH] Reorganized PKI UI pages.

Previously the index.jsp of the ROOT web application was storing
PKI UI main page which contains links to PKI subsystems installed
on the instance.

Now the file has been changed to redirect to /pki which provides
a new PKI UI welcome page. The PKI UI main page itself has been
moved to /pki/ui.

https://fedorahosted.org/pki/ticket/2582
---
 base/server/share/webapps/ROOT/index.jsp   | 164 +
 base/server/share/webapps/{ROOT => pki}/index.jsp  |  82 ++-
 .../share/webapps/{ROOT => pki/ui}/index.jsp   |   0
 3 files changed, 13 insertions(+), 233 deletions(-)
 copy base/server/share/webapps/{ROOT => pki}/index.jsp (56%)
 copy base/server/share/webapps/{ROOT => pki/ui}/index.jsp (100%)

diff --git a/base/server/share/webapps/ROOT/index.jsp b/base/server/share/webapps/ROOT/index.jsp
index ade01bc9e29419c725651546059dc0350afa0084..61f5838fed77e3ca958d37fe94f0a9c5134e7322 100644
--- a/base/server/share/webapps/ROOT/index.jsp
+++ b/base/server/share/webapps/ROOT/index.jsp
@@ -1,165 +1,3 @@
-
-http://www.w3.org/TR/html4/loose.dtd;>
-
-
-
-
-
-
-$(function() {
-$.i18n.properties({
-name: 'pki',
-language: ' ', // suppress potential 404's due to .i18n.browserLang()
-path: '/pki/',
-mode: 'map',
-callback: function() {
-var key;
-for (key in $.i18n.map) {
-var message = $.i18n.prop(key);
-$('span.message[name='+key+']').html(message);
-}
-}
-});
-});
-
-
-Certificate System
-
-
-
-
-
-
-
-
-http://pki.fedoraproject.org/; title="Visit pki.fedoraproject.org for more information about Certificate System products and services">
-
-
-
-Certificate System
-
-
-
-  
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-  -
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
 <%
-ServletContext caContext = getServletContext().getContext("/ca");
-if (caContext != null) {
-String caName = caContext.getServletContextName();
-String caPath = caContext.getContextPath();
-if (!"".equals(caPath)) {
+response.sendRedirect("/pki");
 %>
-
-<%= caName %>
-<%
-}
-}
-
-ServletContext kraContext = getServletContext().getContext("/kra");
-if (kraContext != null) {
-String kraName = kraContext.getServletContextName();
-String kraPath = kraContext.getContextPath();
-if (!"".equals(kraPath) && request.isSecure()) {
-%>
-
-<%= kraName %>
-<%
-}
-}
-
-ServletContext ocspContext = getServletContext().getContext("/ocsp");
-if (ocspContext != null) {
-String ocspName = ocspContext.getServletContextName();
-String ocspPath = ocspContext.getContextPath();
-if (!"".equals(ocspPath) && request.isSecure()) {
-%>
-
-<%= ocspName %>
-<%
-}
-}
-
-ServletContext tksContext = getServletContext().getContext("/tks");
-if (tksContext != null) {
-String tksName = tksContext.getServletContextName();
-String tksPath = tksContext.getContextPath();
-if (!"".equals(tksPath) && request.isSecure()) {
-%>
-
-<%= tksName %>
-<%
-}
-}
-
-ServletContext tpsContext = getServletContext().getContext("/tps");
-if (tpsContext != null) {
-String tpsName = tpsContext.getServletContextName();
-String tpsPath = tpsContext.getContextPath();
-if (!"".equals(tpsPath) && request.isSecure()) {
-%>
-
-<%= tpsName %>
-<%
-}
-}
-%>
-
-
-
-
-
-
-
-
-
-
-
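Review bot: the replacement scriptlet `response.sendRedirect("/pki");` hard-codes the target and carries no comment, and it redirects on whatever scheme the request arrived with, whereas the removed code gated the KRA, OCSP, TKS and TPS links on `request.isSecure()`. A short JSP comment stating that ROOT now only forwards to /pki, and that transport security is enforced by the /pki web application rather than here, would make the dependency explicit.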
diff --git a/base/server/share/webapps/ROOT/index.jsp b/base/server/share/webapps/pki/index.jsp
similarity index 56%
copy from base/server/share/webapps/ROOT/index.jsp
copy to base/server/share/webapps/pki/index.jsp
index ade01bc9e29419c725651546059dc0350afa0084..8eb58546947d1a167c5f87fd23b296d2aa6b1cbc 100644
--- a/base/server/share/webapps/ROOT/index.jsp
+++ b/base/server/share/webapps/pki/index.jsp
@@ -18,8 +18,10 @@
 http://www.w3.org/TR/html4/loose.dtd;>
 
 
+
 
 
+
 
 

[Pki-devel] [PATCH] 952 Updated classpath in Console wrapper script.

2017-02-21 Thread Endi Sukma Dewata

The classpath in Console wrapper script has been updated to
include the complete PKI client library.

Pushed to master under trivial rule.

--
Endi S. Dewata
From 1e56b4c84028fb98b906be4b6caed803e6862706 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" 
Date: Sat, 18 Feb 2017 09:15:19 +0100
Subject: [PATCH] Updated classpath in Console wrapper script.

The classpath in Console wrapper script has been updated to
include the complete PKI client library.
---
 base/console/templates/pki_console_wrapper | 28 +++-
 1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/base/console/templates/pki_console_wrapper b/base/console/templates/pki_console_wrapper
index 296eba24d4934303197a49230e33613a92265ece..3e3c1692672d69bd9a71052e00f646bd7aed4393 100755
--- a/base/console/templates/pki_console_wrapper
+++ b/base/console/templates/pki_console_wrapper
@@ -19,6 +19,12 @@
 # --- END COPYRIGHT BLOCK ---
 #
 
+# Read default PKI configuration.
+. /usr/share/pki/etc/pki.conf
+
+# Read user-defined PKI configuration.
+. /etc/pki/pki.conf
+
 # Check to insure that this script's original invocation directory
 # has not been deleted!
 CWD=`/bin/pwd > /dev/null 2>&1`
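Review bot: both `. /usr/share/pki/etc/pki.conf` and `. /etc/pki/pki.conf` are sourced unconditionally at the top of the script, so a missing file either aborts the wrapper with only the shell's own error or, depending on the shell, lets it continue with the expected variables unset. Guard each with a `[ -f ... ]` test and print a clear message. Because sourced files run as code in the caller's session, the comments could also state that both files are expected to be root-owned.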
@@ -124,23 +130,13 @@ fi
 ##  order this command wrapper uses to find jar files.   ##
 ###
 
-CP=/usr/lib/java/jss4.jar
-CP=/usr/lib/java/dirsec/jss4.jar:${CP}
-if [ "${OS}" = "Linux" ] &&
-   [ "${ARCHITECTURE}" = "x86_64" ] ; then
-# Fedora 16, 17, 18
-CP=/usr/lib64/java/jss4.jar:${CP}
-fi
-CP=/usr/share/java/ldapjdk.jar:${CP}
+CP=${PKI_LIB}/*
 CP=/usr/share/java/idm-console-nmclf.jar:${CP}
 CP=/usr/share/java/idm-console-nmclf_en.jar:${CP}
 CP=/usr/share/java/idm-console-mcc.jar:${CP}
 CP=/usr/share/java/idm-console-mcc_en.jar:${CP}
 CP=/usr/share/java/idm-console-base.jar:${CP}
 CP=/usr/share/java/389-console_en.jar:${CP}
-CP=/usr/share/java/${PRODUCT}/pki-nsutil.jar:${CP}
-CP=/usr/share/java/${PRODUCT}/pki-cmsutil.jar:${CP}
-CP=/usr/share/java/${PRODUCT}/pki-certsrv.jar:${CP}
 CP=/usr/share/java/${PRODUCT}/pki-console-theme.jar:${CP}
 CP=/usr/share/java/${PRODUCT}/pki-console.jar:${CP}
 export CP
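Review bot: `CP=${PKI_LIB}/*` is built without checking that `PKI_LIB` was actually set by the sourced configuration; if it is empty the entry becomes `/*` and the JVM's classpath wildcard picks up every jar in the root directory. Fail early when `PKI_LIB` is empty. Since every later line prepends to `CP`, the `PKI_LIB` wildcard also ends up last in the search order, which deserves a comment given the banner above says the order matters.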
@@ -151,6 +147,12 @@ export CP
 ##  based upon the preset LD_LIBRARY_PATH and CP environment variables.  ##
 ###
 
-${JAVA} ${JAVA_OPTIONS} -cp ${CP} -Djava.util.prefs.systemRoot=/tmp/.java -Djava.util.prefs.userRoot=/tmp/java com.netscape.admin.certsrv.Console -s instanceID -a $1 
+${JAVA} ${JAVA_OPTIONS} \
+  -cp ${CP} \
+  -Djava.util.prefs.systemRoot=/tmp/.java \
+  -Djava.util.prefs.userRoot=/tmp/java \
+  com.netscape.admin.certsrv.Console \
+  -s instanceID \
+  -a $1
+
 exit $?
-
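Review bot: the reflowed command still expands `${CP}` and `$1` unquoted, and `CP` now contains a `*`, so the shell can glob or word-split the value before Java sees it; write `-cp "${CP}"` and `-a "$1"`. While this line is being touched, note that the preference roots `/tmp/.java` and `/tmp/java` are shared, predictable paths; a per-user directory would be safer.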
-- 
2.9.3


[Pki-devel] [PATCH] 951 Fixed error handling for Console authentication.

2017-02-21 Thread Endi Sukma Dewata

The CMSAdmin class has been modified to show the error dialog
if Console authentication fails.

Pushed to master under trivial rule.

--
Endi S. Dewata
From 2d89433a5a3706d4cb5a93423d7b9184c74500ba Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" 
Date: Sat, 18 Feb 2017 09:21:12 +0100
Subject: [PATCH] Fixed error handling for Console authentication.

The CMSAdmin class has been modified to show the error dialog
if Console authentication fails.
---
 .../src/com/netscape/admin/certsrv/CMSAdmin.java   | 70 -
 .../src/com/netscape/admin/certsrv/Console.java| 87 --
 2 files changed, 118 insertions(+), 39 deletions(-)

diff --git a/base/console/src/com/netscape/admin/certsrv/CMSAdmin.java b/base/console/src/com/netscape/admin/certsrv/CMSAdmin.java
index 94bb266d13ad76c3fb5790c81011abe6aaf008d4..778edfac601fa6bed1244ce05426c22d6ba205be 100644
--- a/base/console/src/com/netscape/admin/certsrv/CMSAdmin.java
+++ b/base/console/src/com/netscape/admin/certsrv/CMSAdmin.java
@@ -17,21 +17,55 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.admin.certsrv;
 
-import java.util.*;
-import java.net.*;
-import java.awt.*;
-import javax.swing.*;
-import java.awt.event.ActionEvent;
-import java.awt.event.ActionListener;
-import com.netscape.certsrv.common.*;
-import com.netscape.management.client.*;
-import com.netscape.management.client.topology.*;
-import com.netscape.management.client.console.*;
-import com.netscape.management.client.util.*;
-import com.netscape.admin.certsrv.config.install.*;
-import com.netscape.admin.certsrv.task.*;
-import com.netscape.admin.certsrv.wizard.*;
-import netscape.ldap.*;
+import java.awt.Cursor;
+import java.util.Enumeration;
+import java.util.Hashtable;
+import java.util.ResourceBundle;
+
+import javax.swing.Icon;
+import javax.swing.JFrame;
+
+import com.netscape.admin.certsrv.config.install.InstallWizard;
+import com.netscape.admin.certsrv.config.install.InstallWizardInfo;
+import com.netscape.admin.certsrv.task.CMSConfigCert;
+import com.netscape.admin.certsrv.task.CMSRemove;
+import com.netscape.admin.certsrv.task.CMSRestart;
+import com.netscape.admin.certsrv.task.CMSStart;
+import com.netscape.admin.certsrv.task.CMSStartDaemon;
+import com.netscape.admin.certsrv.task.CMSStatus;
+import com.netscape.admin.certsrv.task.CMSStop;
+import com.netscape.admin.certsrv.wizard.IWizardDone;
+import com.netscape.admin.certsrv.wizard.WizardWidget;
+import com.netscape.certsrv.common.ConfigConstants;
+import com.netscape.certsrv.common.OpDef;
+import com.netscape.certsrv.common.TaskId;
+import com.netscape.management.client.Framework;
+import com.netscape.management.client.IMenuInfo;
+import com.netscape.management.client.IMenuItem;
+import com.netscape.management.client.IPage;
+import com.netscape.management.client.IResourceObject;
+import com.netscape.management.client.IStatusItem;
+import com.netscape.management.client.MenuItemSeparator;
+import com.netscape.management.client.MenuItemText;
+import com.netscape.management.client.ResourcePage;
+import com.netscape.management.client.StatusItemSecureMode;
+import com.netscape.management.client.StatusItemText;
+import com.netscape.management.client.console.ConsoleInfo;
+import com.netscape.management.client.topology.AbstractServerObject;
+import com.netscape.management.client.topology.IRemovableServerObject;
+import com.netscape.management.client.util.Debug;
+import com.netscape.management.client.util.LDAPUtil;
+import com.netscape.management.client.util.RemoteImage;
+import com.netscape.management.client.util.UtilConsoleGlobals;
+
+import netscape.ldap.LDAPAttribute;
+import netscape.ldap.LDAPConnection;
+import netscape.ldap.LDAPDN;
+import netscape.ldap.LDAPEntry;
+import netscape.ldap.LDAPException;
+import netscape.ldap.LDAPModification;
+import netscape.ldap.LDAPModificationSet;
+import netscape.ldap.LDAPSearchResults;
 
 /**
  * Netscape Certificate Server 4.0 configuration entry point. The
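Review bot: this hunk expands every wildcard import in the same commit as the error-handling fix, which buries the two functional hunks under some fifty lines of import churn. Split the import cleanup into its own patch so the behaviour change can be reviewed and backported on its own.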
@@ -482,6 +516,8 @@ public class CMSAdmin extends AbstractServerObject
 mPort = portnum;
 }
 } catch (Exception e) {
+CMSAdminUtil.showErrorDialog(mConsoleInfo.getFrame(), mResource,
+e.toString(), CMSAdminUtil.ERROR_MESSAGE);
 return false;
 }
   } catch (LDAPException ex) {
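Review bot: the dialog added in the `catch (Exception e)` block shows `e.toString()`, while the `EAdminException` handler further down shows `ex.getMessage()`; `toString()` puts the exception class name in front of the user. Use `getMessage()` with a fallback for a null message, and log the full exception so the detail is not lost.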
@@ -524,9 +560,9 @@ public class CMSAdmin extends AbstractServerObject
 }
 mConsoleInfo.put("serverInfo", mServerInfo);
 } catch (EAdminException ex) {
-System.exit(0); // exit if authentication fails
 CMSAdminUtil.showErrorDialog(mConsoleInfo.getFrame(), mResource,
 ex.getMessage(), CMSAdminUtil.ERROR_MESSAGE);
+System.exit(0); // exit if authentication fails
 return false;
 }
 
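Review bot: with `System.exit(0)` now placed after the dialog, the `return false;` that follows it can never run, and the process still exits with status 0 on an authentication failure, so the wrapper script's `exit $?` reports success. Exit with a non-zero status, and keep either the exit or the return, not both.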
@@ -838,7 +874,7 @@ public class CMSAdmin extends AbstractServerObject
   // this