Re: [Pki-devel] [PATCH] 827 Added support to create system certificates in different tokens.

On 9/2/2016 10:12 AM, Ade Lee wrote: This looks OK to me. I will merge it Ade Thanks! -- Endi S. Dewata ___ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel

Re: [Pki-devel] [PATCH] 0133 Revoke lightweight CA certificate on deletion

On 8/24/2016 11:18 PM, Fraser Tweedale wrote: Hi team, The attached patch implements cert revocation on LWCA deletion. The TODO for parametrising over revocation reason and invalid date is intentional - I just want to get the minimal viable solution into 10.3.x ASAP and we can look at what

[Pki-devel] [PATCH] 824-825 Fixed default token name for system certificates.

Previously when installing with HSM the token name has to be specified for each system certificate in the pki__token parameters. The deployment tool has been modified such that by default it will use the token name specified in pki_token_name. Previously issues with system certificates that

Re: [Pki-devel] [PATCH] 827 Added support to create system certificates in different tokens.

> I'm less familiar with the area, so I'm just going to ask a question. Where > in the new code does it handle taking in passwords and logging into the > extra token(s)? > > > thanks, > > Christina > > On 08/31/2016 12:35 PM, Endi Sukma Dewata wrote: > >

[Pki-devel] [PATCH] 830 Removed support for creating system certificates in different tokens.

The patch that added the support for creating system certificates in different tokens causes issues in certain cases, so for now it has been reverted. https://fedorahosted.org/pki/ticket/2449 -- Endi S. Dewata >From 962ca82b97a1d2440569d1d70984a5765191ba59 Mon Sep 17 00:00:00 2001 From: "Endi

Re: [Pki-devel] [PATCH] 830 Removed support for creating system certificates in different tokens.

On 9/8/2016 2:13 PM, Endi Sukma Dewata wrote: The patch that added the support for creating system certificates in different tokens causes issues in certain cases, so for now it has been reverted. https://fedorahosted.org/pki/ticket/2449 Pushed to master (10.4) under one-liner/trivial rule

[Pki-devel] [PATCH] 833 Additional improvements for SigningUnit.

To help troubleshooting the SigningUnit for CA have been modified to show additional log messages. https://fedorahosted.org/pki/ticket/2463 Pushed to master (10.4) under one-liner/trivial rule. -- Endi S. Dewata >From d45c675948bb1ec13610626c57b6905dfc03fd43 Mon Sep 17 00:00:00 2001 From:

[Pki-devel] [PATCH] 831 Troubleshooting improvements for SigningUnit.

To help troubleshooting the SigningUnit for CA and OCSP have been modified to chain the original exceptions. https://fedorahosted.org/pki/ticket/2463 Pushed master (10.4) under one-line/trivial rule. -- Endi S. Dewata >From 701022f97aef862c1cdfa6b030fecf0a1d250930 Mon Sep 17 00:00:00 2001

[Pki-devel] [PATCH] 819 Added debug messages for ConfigurationUtils.handleCerts().

To help troubleshooting some debug messages have been added into ConfigurationUtils.handleCerts(). https://fedorahosted.org/pki/ticket/2436 Pushed to master (10.4) under one-liner/trivial rule. -- Endi S. Dewata >From 9aa6640e7e94a591343478ee806a6e6d4c9f81e8 Mon Sep 17 00:00:00 2001 From:

Re: [Pki-devel] [PATCH] 820 Allowing optional CA signing CSR.

On 8/19/2016 4:26 PM, Endi Sukma Dewata wrote: The CA signing CSR is already stored in request record which will be imported as part of migration process, so it's not necessary to export and reimport the CSR file again for migration. To allow optional CSR, the pki-server subsystem-cert-validate

[Pki-devel] [PATCH] 839 Updated PKI server logging service to use SLF4J.

The PKI server logging service has been modified to utilize SLF4J. This allows the admin to use the logging framework of choice. https://fedorahosted.org/pki/ticket/195 This patch depends on patch #834. -- Endi S. Dewata >From 3180e43d9e314c7135bb8368a464d1fb6d3c5bc4 Mon Sep 17 00:00:00 2001

Re: [Pki-devel] [PATCH] 853-854 Added man pages for PKCS #12 utilities.

On 11/7/2016 7:23 PM, Christina Fu wrote: looks good. The only thing I had question with was whether the referred to in the man pages was in DER binary encoding or base64 encoded PEM. It would help if you clarify that. Conditional ACK. Christina Thanks! I fixed the pkcs12-cert-export

[Pki-devel] [PATCH] 864 Generalized list of files in CMakeLists.txt.

The list of source and class files in some CMake files have been generalized to allow renaming Java packages without changing the CMake files again. https://fedorahosted.org/pki/ticket/6 I've verified that the new CMake files do not change the content of the JAR files. -- Endi S. Dewata

[Pki-devel] [PATCH] 865 Moved policy framework classes to org.dogtagpki.legacy.

To discourage the use of policy framework, the framework classes have been moved into org.dogtagpki.legacy. https://fedorahosted.org/pki/ticket/6 -- Endi S. Dewata >From 8ee7d79b765f420680c153f47039e30ec1862bea Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Fri, 4

Re: [Pki-devel] [PATCH] 844 Fixed CryptoUtil.getTokenName().

On 10/18/2016 11:34 AM, Christina Fu wrote: Code looks good. ACK if tested to work in both FIPS and non-FIPS, with or without HSM. Might be a future exercise to find out where the string "Internal Key Storage Token" comes from. Christina Thanks! It works in the above cases. The patch has

Re: [Pki-devel] [PATCH] 485 Fixed TPS UI system menu.

On 10/20/2016 8:07 PM, John Magne wrote: Have seen demo, and it looks good. ACK Thanks! Pushed to master. -- Endi S. Dewata ___ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel

Re: [Pki-devel] [PATCH] 486 Fixed TPS UI for agent approval.

On 10/20/2016 8:07 PM, John Magne wrote: Have seen demo and looks good. ACK Thanks! Pushed to master. -- Endi S. Dewata ___ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel

[Pki-devel] [PATCH] 847 Fixed typo in UserPwdDirAuthentication.

https://fedorahosted.org/pki/ticket/2460 Pushed to master & 10.3 branch under trivial/one-liner rule. -- Endi S. Dewata >From 456434acfc230efbb0414a7daa72afe60909a04b Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Mon, 24 Oct 2016 18:30:55 +0200 Subject: [PATCH]

[Pki-devel] [PATCH] 485 Fixed TPS UI system menu.

The TPS UI has been modified to adjust the system menu based on the list of accessible components obtained during login. The TPSApplication has been modified to use TPSAccountService which returns the list of accessible components based on the following properties in the CS.cfg: * admin:

[Pki-devel] [PATCH] 486 Fixed TPS UI for agent approval.

The TPS UI has been updated to support TPS agent approval process for changes in authenticators, connectors, and profile mappings in addition to profiles. The ConfigEntryPage has been updated to display the action links consistently in the above components for all possible role and status

Re: [Pki-devel] [PATCH] 873 Added subsystem logging.properties for debugging.

On 11/18/2016 3:00 PM, Endi Sukma Dewata wrote: A new logging.properties has been added to each subsystem to define the PKI packages to be logged in the debug log. The server logging.properties has been updated to define the debug log handlers for each subsystem. The pki.policy has been

[Pki-devel] [PATCH] 875 Updated server logging.properties.

The server logging.properties has been modified to log low level messages into catalina log for troubleshooting non-PKI issues (e.g. RESTEasy). High level messages (i.e. errors and warnings) will continue to be logged on the console. The pki-server-logging man page has been updated accordingly.

[Pki-devel] [PATCH] 877 Refactored PKIConnection.get().

The PKIConnection has been modified to provide two get() methods: one returning a generic Response object wnd the other returning an object with the specified type. The ConfigurationUtils has been modified accordingly. https://fedorahosted.org/pki/ticket/1517 Pushed to master and 10.3 branch

[Pki-devel] [PATCH] 878 Fixed problem with pki user-cert-add.

Previously the pki user-cert-add fails to check whether the server has a CA subsystem when it's invoked over SSL. That is because the CLI tries to establish a new but improperly set up SSL connection. Now the CLI has been modified to use the existing server connection.

[Pki-devel] [PATCH] 876 Updated pki-cert man page.

The pki-cert man page has been updated to clarify that certain profiles may require authentication and the CLI supports certain authentication types. https://fedorahosted.org/pki/ticket/2289 Pushed to master under trivial/one-liner rule. -- Endi S. Dewata >From

Re: [Pki-devel] [PATCH] 866 Fixed problem installing subordinate CA with HSM in FIPS mode.

On 11/15/2016 8:55 PM, Christina Fu wrote: looks good. if tested to work, ack. Christina Thanks! Pushed to master. -- Endi S. Dewata ___ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel

Re: [Pki-devel] [PATCH] 867 Fixed hanging subordinate CA with HSM installation in FIPS mode.

On 11/15/2016 11:02 PM, Endi Sukma Dewata wrote: When installing subordinate CA with HSM, the installer calls the pki CLI (which is implemented using JSS) to validate the imported CA certificate in HSM. Normally, the HSM password is specified as CLI parameter, but in FIPS mode JSS requires both

[Pki-devel] [PATCH] 872 Update PKCS12Util to use SLF4J.

The PKCS12Util class has been modified to use SLF4J logging framework. The CMake scripts has been modified to include SLF4J libraries in the classpath. The spec file has been modified to add SLF4J dependencies. https://fedorahosted.org/pki/ticket/195 -- Endi S. Dewata >From

[Pki-devel] [PATCH] 873 Added subsystem logging.properties for debugging.

A new logging.properties has been added to each subsystem to define the PKI packages to be logged in the debug log. The server logging.properties has been updated to define the debug log handlers for each subsystem. The pki.policy has been modified to allow Tomcat to read the default

[Pki-devel] [PATCH] 874 Updated PKI server logging service to use SLF4J.

The PKI server logging service has been modified to utilize SLF4J internally while maintaining the same API. This will allow incremental transition to SLF4J. https://fedorahosted.org/pki/ticket/195 -- Endi S. Dewata >From ac10c328028d332e047358721de2cda3c56bc6c8 Mon Sep 17 00:00:00 2001 From:

Re: [Pki-devel] [PATCH] 868-871 Added man pages for logging configuration

On 11/17/2016 7:18 PM, Matthew Harmsen wrote: ACK (presuming customization and troubleshooting have been tested) with the following caveats: * pki-edewata-0868-Removed-unused-subsystem-logging.properties.patch o This patch needs to be split into two separate and distinct patches:

Re: [Pki-devel] [PATCH] 864 Generalized list of files in CMakeLists.txt.

On 11/9/2016 1:56 PM, Ade Lee wrote: ACK Thanks! Pushed to master. -- Endi S. Dewata ___ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel

[Pki-devel] [PATCH] 859 Fixed resource leak in ExtendedKeyUsageExtension.

The ExtendedKeyUsageExtension has been modified to always close the DerOutputStream instance. The ExtendedKeyUsageExt has been modified to wrap the original exception. https://fedorahosted.org/pki/ticket/2530 Pushed to master under trivial/one-liner rule. -- Endi S. Dewata >From

[Pki-devel] [PATCH] 860 Fixed resource leak in InhibitAnyPolicyExtension.

The InhibitAnyPolicyExtension has been modified to always close the DerOutputStream instance. The InhibitAnyPolicyExtDefault has been modified to wrap the original exception. https://fedorahosted.org/pki/ticket/2530 Pushed to master under trivial/one-liner rule. -- Endi S. Dewata >From

[Pki-devel] [PATCH] 861 Replaced deprecated DefaultHttpClient.

The deprecated DefaultHttpClient in SubsystemClient, CRMFPopClient, and OCSPProcessor has been replaced with HttpClientBuilder. https://fedorahosted.org/pki/ticket/2531 Pushed to master under trivial/one-liner rule. -- Endi S. Dewata >From db58e6071f6bb57de006e6499c0a0c6a8c8e67bf Mon Sep 17

[Pki-devel] [PATCH] 853-854 Added man pages for PKCS #12 utilities.

New man pages have been added: pki-pkcs12, pki-pkcs12-cert, and pki-pkcs12-key. The pki-core.spec has been updated to include the new man pages for PKCS #12 utilities. https://fedorahosted.org/pki/ticket/1920 -- Endi S. Dewata >From 189f7aa36f02256de5472117ea927ca762604a62 Mon Sep 17 00:00:00

[Pki-devel] [PATCH] 857 Fixed resource leak in GenericASN1Extension.

The GenericASN1Extension has been modified to always close the DerOutputStream instance. https://fedorahosted.org/pki/ticket/2530 Pushed to master under trivial/one-liner rule. -- Endi S. Dewata >From 487d08c2832368848f1235d781e114d343190476 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata"

[Pki-devel] [PATCH] 858 Fixed resource leak in OCSPNoCheckExtension.

The OCSPNoCheckExtension has been modified to always close the DerOutputStream instance. The OCSPNoCheckExt has been modified to wrap the original exception. https://fedorahosted.org/pki/ticket/2530 Pushed to master under trivial/one-liner rule. -- Endi S. Dewata >From

[Pki-devel] [PATCH] 863 Reverted policy framework deprecation.

To reduce Eclipse warnings, classes and methods related to policy framework have been undeprecated. In the future the policy framework may be removed since it has already been replaced with the profile framework. https://fedorahosted.org/pki/ticket/6 -- Endi S. Dewata >From

[Pki-devel] [PATCH] 844 Fixed CryptoUtil.getTokenName().

The CryptoUtil.getTokenName() has been modified to check both the short name and full name of the internal token. The ConfigurationUtils.deleteCert() has also been modified to call CryptoUtil.getTokenName(). https://fedorahosted.org/pki/ticket/2500 Pushed to master under one-liner/trivial

[Pki-devel] [PATCH] 842 Fixed installation error message.

The verify_subsystem_does_not_exist() has been modified to display the proper error message when the subsystem to be installed already exists. https://fedorahosted.org/pki/ticket/2476 Pushed to master under one-liner/trivial rule. -- Endi S. Dewata >From

[Pki-devel] [PATCH] 843 Fixed pki-nsutil build order.

To help troubleshooting build issues the pki-nsutil-classes build target has been modified to depend on symkey-jar although there is no actual code dependency. This way the targets will be built sequentially and error messages will be easier to find. https://fedorahosted.org/pki/ticket/2476

[Pki-devel] [PATCH] 896 Fixed misleading error message on duplicate cert in HSM.

The ConfigurationUtils.handleCerts() has been modified to log the actual exception instead of showing the "deleteCert" operation which may not be executed yet. https://fedorahosted.org/pki/ticket/2457 Pushed to master under trivial rule. -- Endi S. Dewata >From

[Pki-devel] [PATCH] Replaced default AJP hostname with generic loopback address.

Previously the default AJP hostname was an IPv4 loopback address. To avoid problems in IPv6 environments the default has been changed to a generic "localhost" address. The man page has been updated accordingly. https://fedorahosted.org/pki/ticket/2570 Tested with IPA. Pushed to master under

[Pki-devel] [PATCH] 897 Added global TCP Keep-Alive option.

A new tcp.keepAlive parameter has been added for CS.cfg to configure the TCP Keep-Alive option for all LDAP connections created by PKI server. By default the option is enabled. The LdapJssSSLSocketFactory has been modified to support both plain and secure sockets. For clarity, the socket factory

[Pki-devel] [PATCH] Refactored pki_copytree().

The pki_copytree() has been moved from pkihelper.py into pki/util.py such that it can be reused in non-deployment scenarios. Pushed to master under trivial rule. -- Endi S. Dewata >From 9822676b7f00cc7e78d42c50c2506a289ed9c1c6 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata"

[Pki-devel] [PATCH] 887 Refactored master & slots dictionaries creation.

To improve reusability the deployment tools have been modified such that the master and slots dictionary objects are created in PKIDeployer at the beginning of the program. The PKIConfigParser has been modified to use the same dictionary objects. Pushed to master under trivial rule. -- Endi S.

[Pki-devel] [PATCH] 888 Refactored user_config object in pkiconfig.py.

To improve reusability the user_config object has been converted from a global variable in pkiconfig.py into an attribute in PKIDeployer. Pushed to master under trivial rule. -- Endi S. Dewata >From 84e98cd37d0299e3070b88309e331f721dd8d058 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata"

[Pki-devel] [PATCH] 882 Removed redundant find_file() for Tomcat libraries.

The CMake scripts have been modified to remove redundant invocations of find_file() to find Tomcat libraries. https://fedorahosted.org/pki/ticket/2560 Pushed to master under trivial rule. -- Endi S. Dewata >From 843cbeed6ddab8f1883abce47a8c45e0fa14fc5a Mon Sep 17 00:00:00 2001 From: "Endi S.

[Pki-devel] [PATCH] 881 Fixed pki-tools build order.

To help troubleshooting build issues the pki-tools build targets have been modified such that they run sequentially. This way error messages will be easier to find in the build log. https://fedorahosted.org/pki/ticket/2463 Pushed to master under trivial rule. -- Endi S. Dewata

[Pki-devel] [PATCH] 885 Added startup CLI for generic Tomcat.

New pki-server commands have been added to provide a consistent way to start, stop, and restart PKI instances using different types of Tomcat installations. https://fedorahosted.org/pki/ticket/2560 -- Endi S. Dewata >From 69805bcc5b6fcedb3f4114e2f02b50d8a5931e09 Mon Sep 17 00:00:00 2001 From:

[Pki-devel] [PATCH] 884 Added support for deploying with generic Tomcat.

The start(), stop() and restart() methods in PKIInstance have been modified to provide a unified way to manage instances using different types of Tomcat installations: * generic Tomcat * standard Tomcat on Debian * nuxwdog-enabled Tomcat on Fedora/RHEL * standard Tomcat on Fedora/RHEL The

[Pki-devel] [PATCH] 891 Refactored PKIDeployer.

To improve reusability the PKIDeployer class has been moved from the pkihelper.py into the top level pki.server.deployment module. -- Endi S. Dewata >From 202365ea7ff3cd85e16243b751f9f56bb8018ed6 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Wed, 21 Dec 2016 16:12:19

[Pki-devel] [PATCH] 893 Refactored deployment timestamp variables.

To improve reusability the deployment timestamp variables have been converted from global variables in pkiconfig.py into attributes in PKIDeployer. Pushed to master under trivial rule. -- Endi S. Dewata >From d77d308f2284ea057c5235d4e828ff4cd0029d57 Mon Sep 17 00:00:00 2001 From: "Endi S.

[Pki-devel] [PATCH] 894 Refactored deployment system variables.

To improve reusability the deployment system variables have been converted from global variables in pkiconfig.py into attributes in PKIDeployer. Pushed to master under trivial rule. -- Endi S. Dewata >From 93d3b5f399078eeafafc47e27f02a8cd643dbba6 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata"

[Pki-devel] [PATCH] 1002-1008 Fixed unnecessary CLI connection.

Additional changes to remove unnecessary CLI connection using lazy initialization. Pushed to master under trivial rule. -- Endi S. Dewata >From 043aa471f9e243faad58917e9e055affdb694c79 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Fri, 24 Mar 2017 02:02:51 +0100

[Pki-devel] [PATCH] 1018-1020 Removed duplicate constants.

Some constants in RollingLogFile have been replaced with their equivalents in Constants class. Pushed to master under trivial rule. -- Endi S. Dewata >From 8d60caa44803915c153e1919ccaf08b166d38190 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Wed, 29 Mar 2017

[Pki-devel] [PATCH] 1010-1017 Fixed unnecessary CLI connection.

Additional changes to remove unnecessary CLI connection using lazy initialization. Pushed to master under trivial rule. -- Endi S. Dewata >From a6b64e4f45348011885f268db92beab0d563ff22 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Fri, 24 Mar 2017 03:42:55 +0100

[Pki-devel] [PATCH] 1024 Removed redundant Context attributes.

All subclasses of PKIService have been modified to remove the Context attribute since they have been declared in the base class. Pushed to master under trivial rule. -- Endi S. Dewata >From 7fc7d3e8844d4992db60a637370b8599bff5a282 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata"

[Pki-devel] [PATCH] 977 Fixed PKIClient initialization in PKI CLI.

The PKI CLI has been modified such that it initializes the PKIClient (and retrieves the access banner) only if the CLI needs to access the PKI server. https://pagure.io/dogtagpki/issue/2612 Pushed to master under trivial rule. -- Endi S. Dewata >From 6bcb89b55db870766ddcf09002a5997b323bd196

[Pki-devel] [PATCH] 984 Added pki.conf parameter for default SSL ciphers.

A new parameter has been added to pki.conf to enable/disable the default SSL ciphers for PKI CLI. Pushed to master under trivial rule. -- Endi S. Dewata >From de4b48b9e4523a865e74f8122e130e976b124410 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Sun, 19 Mar 2017

[Pki-devel] [PATCH] 978 Added configuration parameters for SSL version ranges.

The hard-coded SSL version ranges in PKI CLI have been converted into configurable parameters in the pki.conf. Pushed to master under trivial rule. -- Endi S. Dewata >From 31683301b69fda23893c80af7c34c42a75e1b906 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Fri, 17

[Pki-devel] [PATCH] 982 Refactored CryptoUtil.setClientCiphers().

The code that converts cipher name into cipher ID and enables the cipher in CryptoUtil.setClientCiphers() has been moved into a separate method. Pushed to master under trivial rule. -- Endi S. Dewata >From af7be30e164b1aebbb0e6eaf1fbfc6b9fb46360e Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata"

[Pki-devel] [PATCH] 981 Fixed error handling in CryptoUtil.setClientCiphers().

The CryptoUtil.setClientCiphers() has been modified to throw an exception on unsupported cipher. Pushed to master under trivial rule. -- Endi S. Dewata >From 035f37b6416e9b001ff49e06142751b974835a9b Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Sun, 19 Mar 2017

[Pki-devel] [PATCH] 979 Renamed CryptoUtil.setClientCiphers().

The setClientCiphers() in CryptoUtil has been renamed to setDefaultSSLCiphers() for clarity. Pushed to master under trivial rule. -- Endi S. Dewata >From a168db3f36584a6a576daa91c993d18c134835fe Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Sun, 19 Mar 2017 18:44:06

[Pki-devel] [PATCH] 980 Fixed error handling in CryptoUtil.unsetSSLCiphers().

The CryptoUtil.unsetSSLCiphers() has been modified not to ignore exceptions. Pushed to master under trivial rule. -- Endi S. Dewata >From cdffde5b5449db804e98ccac624cdc5eeab29dce Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Sun, 19 Mar 2017 19:52:51 +0100 Subject:

[Pki-devel] [PATCH] 973 Added missing Eclipse dependency.

The Eclipse .classpath file has been modified to include tomcat-coyote.jar to avoid build problem. Pushed to master under trivial rule. -- Endi S. Dewata >From 686303c3b71f9c929face7c0f947cf7563e9da68 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Fri, 17 Mar 2017

[Pki-devel] [PATCH] 974 Default NSS database for PKI CLI.

The PKI CLI has been modified to create a default NSS database without a password if there is no existing database at the expected location. Pushed to master under trivial rule. -- Endi S. Dewata >From 8b85ace2a2761c8451a11b4df8f142bd291cd6d4 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata"

[Pki-devel] [PATCH] 971 Removed duplicate code to configure SSL version ranges.

The duplicate code for configuring default SSL version ranges has been merged into reusable methods in CryptoUtil. Pushed to master under trivial rule. -- Endi S. Dewata >From 4d6e6d05d5270a0e81ae12e2583cae9c49667c88 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date:

[Pki-devel] [PATCH] 976 Cleaned up CryptoUtil.setClientCiphers(String).

The CryptoUtil.setClientCiphers(String) has been reformatted to simplify future refactoring. Pushed to master under trivial rule. -- Endi S. Dewata >From 2b9f9b7ef9e936dc5dc7ecc7bcc4c2fd8236dd1f Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Sat, 18 Mar 2017 03:33:10

[Pki-devel] [PATCH] 989 Allowing client cert auth without NSS database password.

The PKI CLI has been modified to support client cert authentication without NSS database password. Pushed to master under trivial rule. -- Endi S. Dewata >From 516e9360f96721bdbd0301b12120c9d47225e5e4 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Tue, 21 Mar 2017

[Pki-devel] [PATCH] 0988 Allowing pki pkcs12-import without NSS database password.

The pki.nssdb module has been modified to support operations without NSS database password. Pushed to master under trivial rule. -- Endi S. Dewata >From 2c4beb83a1dd772e02f5809e610319fcf1812034 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Mon, 20 Mar 2017 01:28:05

[Pki-devel] [PATCH] 987 Allowing pki client-init without NSS database password.

The pki client-init has been modified to support creating NSS database without password. Pushed to master under trivial rule. -- Endi S. Dewata >From 4c6a98d79a02fd0bf6e5da56835e8dd0ce2e7485 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Mon, 20 Mar 2017 01:21:34

[Pki-devel] [PATCH] 991 Added support for disabling SSL ciphers in pki.conf.

The CryptoUtil.setSSLCiphers() has been modified to support a "-" sign in front of the cipher name or ID to disable the cipher. Pushed to master under trivial rule. -- Endi S. Dewata >From 8ba95a89a7de733c5319f575e80621faa2b45e90 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata"

[Pki-devel] [PATCH] 990 Added support for hex cipher IDs in pki.conf.

The CryptoUtil.setSSLCipher() has been modified to support ciphers specified using hex ID. Pushed to master under trivial rule. -- Endi S. Dewata >From bc6ad11480c4d5185cf70334b4cbc03e3a1cff61 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Sun, 19 Mar 2017 20:23:23

[Pki-devel] [PATCH] 970 Exporting environment variables for PKI client.

The default pki.conf has been modified to export the environment variables such that they can be used by PKI client. Pushed to master under trivial rule. -- Endi S. Dewata >From f2c3331176be82317cd5401b8b69d8adef18b188 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date:

[Pki-devel] [PATCH] 969 Added cascading configuration for PKI CLI.

The PKI CLI has been modified to support cascading configuration files: default, system-wide, and user-specific configuration. The existing Python-based PKI CLI was moved into pki.cli.main module. A new shell script was added as a replacement which will read the configuration files and invoke

[Pki-devel] [PATCH] 1027 Fixed PKIServerSocketListener.

The PKIServerSocketListener.alertReceived() has been fixed to generate audit log when the SSL socket is closed by the client. The log message has been modified to include the reason for the termination. https://pagure.io/dogtagpki/issue/2602 Pushed to master under trivial rule. -- Endi S.

[Pki-devel] [PATCH] 1032-1033 Added pki-server CLI commands to inspect audit log files.

New pki-server CLI commands have been added to simplify inspecting the audit log files on the server. Pushed to master under trivial rule. -- Endi S. Dewata >From d8081073d10065987341a6583a6a7e7351b22438 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Tue, 11 Apr 2017

[Pki-devel] [PATCH] 1030 Fixed pki user and group commands.

The UserCLI and GroupCLI have been fixed to use the subsystem name in the client configuration object if available. https://pagure.io/dogtagpki/issue/2626 -- Endi S. Dewata >From 0409bfa35601a0b59f75c05cf8a34aed6514fc24 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date:

[Pki-devel] [PATCH] 1044 Added methods to log AuditEvent object.

New audit(AuditEvent) methods have been added alongside the existing audit(String) methods. Pushed to master under trivial rule. -- Endi S. Dewata >From 92b68d7ab3f58ad80a545f550f0598de2c43da2c Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Thu, 13 Apr 2017 01:45:37

[Pki-devel] [PATCH] 1043 Updated CMS.getLogMessage().

The CMS.getLogMessage() has been generalized to take an array of Objects instead of Strings. Pushed to master under trivial rule. -- Endi S. Dewata >From 9fa3323e017079e490a3749dfdbf5d59a08c65e9 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Wed, 12 Apr 2017 21:44:31

[Pki-devel] [PATCH] Fixed missing IAuditor.log(AuditEvent).

The IAuditor has been modified to define a log() method for AuditEvent object. Pushed to master under trivial rule. https://github.com/dogtagpki/pki/commit/ba32351d7c362e6b0e313cde0929c56f3f55ec5f -- Endi S. Dewata ___ Pki-devel mailing list

[Pki-devel] [PATCH] AdminConnection cleanup by Eclipse.

Pushed to master under trivial rule. https://github.com/dogtagpki/pki/commit/e12a9367108ca9dbdd2cc02f35f68be8d6865457 -- Endi S. Dewata ___ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel

[Pki-devel] [PATCH] Added AdminServlet.audit(AuditEvent).

A new audit() methods have been added to log AuditEvents in AdminServlet. Pushed to master under trivial rule. https://github.com/dogtagpki/pki/commit/17e71d3ec1f52cc2e13590499dd70c5932885b20 -- Endi S. Dewata ___ Pki-devel mailing list

[Pki-devel] [PATCH] Refactored additional line concatenation.

The code that concatenates lines has been simplified using String.replace(). Pushed to master under trivial rule. https://github.com/dogtagpki/pki/commit/6bb1757a035d3439a65aa604a19dcdf48b7b2dbc -- Endi S. Dewata ___ Pki-devel mailing list

[Pki-devel] [PATCH] 1045 Fixed ClientIP field in SSL session audit log.

The PKIServerSocketListener has been fixed to obtain the correct client IP address from SSL socket. https://pagure.io/dogtagpki/issue/2602 Pushed to master under trivial rule. -- Endi S. Dewata >From 0aebe0b9192d5c549cc3350926ecf42276dbccb0 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata"

[Pki-devel] [PATCH] Refactored line concatenation.

The code that concatenates lines has been simplified using String.replace(). Pushed to master under trivial rule. https://github.com/dogtagpki/pki/commit/46cc674dcb6ff09167c69391054b36bdcfb36cbb -- Endi S. Dewata ___ Pki-devel mailing list

[Pki-devel] [PATCH] 966 Refactored PKIInstance.load().

The code that loads the password.conf in PKIInstance.load() has been converted into a general purpose load_properties() method. A corresponding store_properties() method has been added as well. Pushed to master under trivial rule. -- Endi S. Dewata >From 7810a55d0b967ff5355312e952fc4c7314a45f35

[Pki-devel] [PATCH] 1028 Fixed pki_console_wrapper.

The pki_console_wrapper script has been fixed to load cascading pki.conf properly and to set the logging configuration property. Pushed to master under trivial rule. -- Endi S. Dewata >From 10d8f53c25d8ed7907b55c247fc77e5c3900029b Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata"

[Pki-devel] [PATCH] Updated debug logs in SystemConfigService.

Pushed to master under trivial rule. https://github.com/dogtagpki/pki/commit/f902b0365f2cf92f14f0a814394cd025669b3ea8 -- Endi S. Dewata ___ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel

Re: [Pki-devel] [PATCH] Fixed pylint errors (re-sent)

On 5/31/2017 6:30 PM, Matthew Harmsen wrote: The attached patch was altered to change "args" ==> "argv" rather than "argv" ==> "args" since it was discovered that a number of the routines utilized "args" as a local variable that would have to be changed since if the "argv" input parameter were

[Pki-devel] PKI 10.6.1 Release

Hi, PKI 10.6.1 is now available upstream: https://github.com/dogtagpki/pki/releases/tag/v10.6.1 Fedora 28 builds are available via the following update: https://bodhi.fedoraproject.org/updates/FEDORA-2018-4f684aab1a Fedora Rawhide builds are available in Koji. Fedora 27 builds are available in

[Pki-devel] JSS 4.4 branching

Hi, Just FYI, the JSS repository has been branched. The JSS_4_4_BRANCH will be used for JSS 4.4.x maintenance. The master branch will be used for JSS 4.5 development. If you are fixing something in the 4.4 branch, please also fix it in the master branch. Thanks. -- Endi S. Dewata

[Pki-devel] PKI 10.6.0 and TomcatJSS 7.3.0

Hi, PKI 10.6.0 and TomcatJSS 7.3.0 has officially been released upstream and in Fedora 28: https://github.com/dogtagpki/pki/releases/tag/v10.6.0 https://github.com/dogtagpki/tomcatjss/releases/tag/v7.3.0 Please note that there are no changes since the last Release Candidate. Thanks for your

[Pki-devel] PKI 10.6.6 Release

Hi, PKI 10.6.6 is now available upstream: https://github.com/dogtagpki/pki/releases/tag/v10.6.6 Fedora 28 builds are available via the following update: https://bodhi.fedoraproject.org/updates/FEDORA-2018-9132d6f913 Fedora 29 builds are available in Koji. Fedora 27 builds are available in this

[Pki-devel] HTTP NIO Connector

Hi, We have just implemented the switch to HTTP NIO connector in the master branch: https://github.com/dogtagpki/pki/commit/3be16204bed2bf075fbe894135ca7d59cd7b408d See this page for explanation: http://www.dogtagpki.org/wiki/PKI_10.6_HTTP_NIO_Connector_Support If you have an existing PKI 10.6

Re: [Pki-devel] CMS.debug(Throwable e); stack trace suppressed?

Hi Fraser, Yeah, there's a bug in the message formatter. Could you take a look at this patch? https://review.gerrithub.io/#/c/403387/ Here's some documentation (still work in progress): http://pki.fedoraproject.org/wiki/PKI_10.6_Logging_Improvements Thanks! -- Endi S. Dewata - Original

[Pki-devel] TomcatJSS 7.3.0 Release Candidate

Hi, TomcatJSS 7.3.0 Release Candidate is now available upstream: https://github.com/dogtagpki/tomcatjss/releases/tag/v7.3.0-rc Fedora 28 build is available via the following update: https://bodhi.fedoraproject.org/updates/FEDORA-2018-a52fb8dd30 Fedora Rawhide build is available in Koji. Fedora

[Pki-devel] PKI 10.6.0 Beta on Fedora

Hi, PKI 10.6.0 Beta is now available on Fedora 28 Beta via the following update: https://bodhi.fedoraproject.org/updates/FEDORA-2018-2fd7295cb9 Fedora Rawhide builds are available in Koji. Fedora 27 builds are available in PKI 10.6 COPR repository (for development only):

<    1   2   3   4   >