[PATCH] 284 Reorganized interceptors.
by Endi Sukma Dewata
The ACLInterceptor and AuthMethodInterceptor interceptors only run
on the server, so they have been moved from the base package into
the server package.
--
Endi S. Dewata
10 years, 7 months
[PATCH] 292 Fixed pylint false positive.
by Endi Sukma Dewata
Under some circumstances build would fail due to pylint E1103 error
saying "Instance of 'list' has no 'strip' member". This is a false
positive since the object is actually a string. To avoid the error
the code has been changed to explicitly convert the value to string.
--
Endi S. Dewata
10 years, 7 months
[PATCH] 291 Moved Tomcat-based TPS to separate folder.
by Endi Sukma Dewata
The source files for the new Tomcat-based TPS has been moved from
base/tps to base/tps-tomcat. The new TPS will now be build in pki-core
and packaged in pki-tps-tomcat RPM. The old TPS and RA have been
restored to the previous state before adding the new TPS. Once the new
TPS is complete, the old TPS can be removed, the new TPS can be moved
back to base/tps and the package can be renamed back to pki-tps.
Ticket #702
To verify old TPS restoration:
git diff b3316c83b2bb1da987ab5cca77a275eacb94036d -- base/tps
The remaining difference is the renaming of the CS.cfg parameters to
match other Java-based subsystems (which has corresponding changes in
pkicreate as well).
--
Endi S. Dewata
10 years, 7 months
[PATCH] initial patch to get tps configured through pkispawn
by Ade Lee
Hi,
This patch runs on top of Endi's patch for the initial skeleton. Its an
initial patch and will probably be cleaned up a bit more - but its ready
for a first review. And it will unblock Endi and Jack from doing other
things with a real configured system.
The config file I use has the following settings:
[DEFAULT]
pki_admin_password=redhat123
pki_client_pkcs12_password=redhat123
pki_ds_ldap_port=55389
pki_ds_ldaps_port=55636
pki_ds_password=redhat123
pki_security_domain_password=redhat123
pki_client_database_password=redhat123
[TPS]
pki_authdb_basedn=dc=redhat,dc=com
pki_authdb_port=56389
pki_enable_server_side_keygen=True
What this patch adds:
1. Rebased TPS CS.cfg on the config file for the TKS. This means
basically that I took the TKS config file and added the TPS bits,
modifying as needed. This means that most of the Java specific things
needed - like class definitions for authenticators are there.
2. Self tests for TPS now start to run. Only one test is configured
(SystemCertVerification) and that test starts and then quickly bombs out
as the test needs to modified to handle tps. I will add a patch to get
self tests working for the new tps shortly.
3. Authentication source ldap1 (the external authentication source) is
now configured using the authentication mechanisms in the Java
subsystems. Not sure if it works yet, but thats up to Jack to figure
out when he does the mod_tps conversion.
4. Signed audit logging config changed to use the version in the java
subsystems. Added the tps related events.
5. All substitutions are made as needed in CS.cfg
6. Added all the new parameters needed for configuring a TPS, and the
logic to do the configuration. This includes code to configure
connections to CA, KRA, OCSP etc.
7. Added all needed logic to the database ldif files. Those files were
previously not used in the TPS installation. I will remove the old
files in a subsequent patch.
Whats missing:
1. Self tests not working. Need to modify self tests and create TPS
specific self tests in Java.
2. Admin currently has no profileId auxilliary object attached. Will
add a patch to do that.
3. Will add a patch to automatically obtain the shared secret from the
TKS (through a servlet) from TPS.
4. Will add a patch to automatically generate the shared secret in TKS
installation, so that we wont have to do tkstool. Or at the very least,
call that from pkispawn.
5. There is no option currently to configure the TPS though a wizard
menu. Needs to be added in a separate patch.
10 years, 7 months