[PATCH] 113-117 changes to install scripts to move calls to admin interface
by Ade Lee
We want to use the admin interface for installation work. This patch
moves the interfaces used in cloning from either the EE or agent
interface to the admin one. See:
http://pki.fedoraproject.org/wiki/8.1_installer_work_for_cloning
Specifically,
1. Change call to use /ca/admin/ca/getCertChain
2. Remove unneeded getTokenInfo servlet. The logic not to use this
servlet has already been committed to dogtag 10.
3. Move updateNumberRange to the admin interface. For backward
compatibility with old instances, the install code will
call /ca/agent/updateNumberRange as a fallback.
4. Add updateDomainXML to admin interface. For backward compatibility,
updateDomainXML will continue to be exposed on the agent interface with
agent client auth.
5. Changed pkidestroy to get an install token and use the admin
interface to update the security domain. For backward compatibility,
the user and password are not specified as mandatory arguments -
although we want to do that in future.
Please review,
Ade
12 years
Customization
by Endi Sukma Dewata
Hi,
This is a proposal to restructure the deployment to support
customization while still allowing automatic upgrades:
http://pki.fedoraproject.org/wiki/Customization
Please have a look and let me know if you have any comments or
questions. Thanks!
--
Endi S. Dewata
12 years
[PATCH] 208 Additional output attributes for cert-find.
by Endi Sukma Dewata
The cert-find command has been modified to include some additional
attributes including certificate type and version, key algorithm
name and length, validity dates, creation time and issuer.
Ticket #498
--
Endi S. Dewata
12 years
[PATCH] 210 Fixed validity duration options for cert-find.
by Endi Sukma Dewata
The cert-find command has been fixed to show better error messages
on missing validity duration options. The validity duration unit
has been changed to take "day", "week", "month", or "year" and
convert it into milliseconds.
Ticket #291, #500
--
Endi S. Dewata
12 years
[PATCH] 209 Fixed conflicting security domain hosts.
by Endi Sukma Dewata
The SecurityDomainProcessor has been modified to generate the host
ID from the subsystem type, hostname, and secure port instead of
relying on the user-configurable SubsystemName attribute.
Ticket #503
--
Endi S. Dewata
12 years
[PATCH] 207 Fixed date format for cert-find parameters.
by Endi Sukma Dewata
All date parameters for cert-find have been modified to use the
YYYY-MM-DD date format. Date parsing code in FilterBuilder has
been modified not to ignore parsing errors.
Ticket #497
--
Endi S. Dewata
12 years
[PATCH] 199 Added interactive subsystem installation.
by Endi Sukma Dewata
The pkispawn has been modified such that if there is no configuration
file specified it will enter an interactive mode.
Ticket #380
The pkidestroy will be modified in a separate patch.
--
Endi S. Dewata
12 years
[PATCH] Session-based nonces.
by Endi Sukma Dewata
Previously nonces were stored in a global map which might not scale
well due to some issues:
1. The map used the nonces as map keys. There were possible nonce
collisions which required special handling.
2. The collision handling code was not thread safe. There were
possible race conditions during concurrent modifications.
3. The map was shared and size limited. If there were a lot of
users using the system, valid nonces could get pruned.
4. The map mapped the nonces to client certificates. This limited
the possible authentication methods that could be supported.
Now the code has been modified such that each user has a private map
in the user's session to store the nonces. Additional locking has been
implemented to protect against concurrent modifications. The map now
uses the target of the operation as the map key, eliminating possible
collisions and allowing the use of other authentication methods. Since
this is a private map, it's not affected by the number of users using
the system.
Ticket #474
--
Endi S. Dewata
12 years
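
The per-session design described in the message above, as an added example that is not taken from the patch or from the Dogtag code base. The class name `SessionNonces`, its methods and the target string are hypothetical; the assumption is that a servlet container would keep one instance per user as a session attribute.

```java
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

/** Hypothetical per-session nonce store (one instance per user session). */
public class SessionNonces {
    private static final SecureRandom RANDOM = new SecureRandom();

    // Keyed by the target of the operation, not by the nonce value, so two
    // equal random values can never collide on a map key.
    private final Map<String, Long> nonces = new HashMap<>();

    /** Issue a nonce for a target, replacing any earlier one for that target. */
    public synchronized long issue(String target) {
        long nonce = RANDOM.nextLong();
        nonces.put(target, nonce);
        return nonce;
    }

    /** Single-use check: the entry is removed only when the nonce matches. */
    public synchronized boolean consume(String target, long presented) {
        Long expected = nonces.get(target);
        if (expected == null || expected != presented) {
            return false;
        }
        nonces.remove(target);
        return true;
    }

    public static void main(String[] args) {
        // Constructed scenario: two sessions acting on the same target.
        SessionNonces sessionA = new SessionNonces();
        SessionNonces sessionB = new SessionNonces();
        String target = "request:42"; // constructed target identifier

        long a = sessionA.issue(target);
        long b = sessionB.issue(target);

        // A nonce issued in one session is not accepted in another.
        System.out.println("A's nonce in session B: " + sessionB.consume(target, a));
        // Each session validates its own nonce for the same target.
        System.out.println("A's nonce in session A: " + sessionA.consume(target, a));
        System.out.println("B's nonce in session B: " + sessionB.consume(target, b));
        // A consumed nonce cannot be replayed.
        System.out.println("replay in session A:    " + sessionA.consume(target, a));
    }
}
```

Because every store is private to its session, its size depends only on how many operations that one user has pending, and the `synchronized` methods cover concurrent requests arriving on the same session.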